-1

I have following string (using $_POST), how to remove all the new line, spaces and make it as a absolute single line?

Physical Address. . . . . . . . . : E8-6A-64-DE-48-60
Physical Address. . . . . . . . . : 04-EA-56-08-E6-8F
Physical Address. . . . . . . . . : 06-EA-56-08-E6-8E
Physical Address. . . . . . . . . : 04-EA-56-08-E6-8E
Physical Address. . . . . . . . . : 04-EA-56-08-E6-92

Not always stable?

$request= mysql_real_escape_string(trim($_POST['request']));
$request_sql =str_replace("\r\n",'', $request);
$request_sql = str_replace("\\r\\n",'', $request_sql);
echo $request_sql;
Salines
  • 5,674
  • 3
  • 25
  • 50
  • You are replacing `\r\n` not `\r` and `\n`. you should call `str_replace` for every character you want to remove. or use a regex – Accountant م Aug 22 '19 at 07:49
  • You mean this wont work? ` $request_sql =str_replace("\r\n",'', $request); $request_sql = str_replace("\\r\\n",'', $request_sql); $request_sql = str_replace("\\r",'', $request_sql); $request_sql = str_replace("\\n",'', $request_sql); $request_sql = str_replace("\r",'', $request_sql); $request_sql = str_replace("\n",'', $request_sql);` –  Aug 22 '19 at 07:51
  • You should use `mysqli_real_escape_string` instead of the `mysql_*` function. This makes it easier to migrate code to php 7.x – LLJ97 Aug 22 '19 at 07:54
  • php 5* (cant use php 7.x –  Aug 22 '19 at 07:54
  • This will remove new lines, not spaces. and this `\\n` will remove `\n` (not the new line char but will remove a backslash followed by char n)., the answer by @H.Hamidi should be fine. – Accountant م Aug 22 '19 at 07:54
  • You should still use it. It is highly discouraged to use the `mysql_*` extension. The `mysqli_*` is safer. – LLJ97 Aug 22 '19 at 07:55
  • What is your post data ? This line Physical Address. . . . . . . . . : E8-6A-64-DE-48-60 or only E8-6A-64-DE-48-60 ??? – Salines Aug 22 '19 at 08:32

4 Answers4

1

trim only strips spaces at end and start of the string and you should strip \r and \n individually.

try this:

$request= mysql_real_escape_string($_POST['request']);
$request_sql =str_replace("\n",'', $request);
$request_sql = str_replace("\r",'', $request_sql);
$request_sql = str_replace(" ",'', $request_sql);
echo $request_sql;
FadedForEver
  • 146
  • 10
  • SQL injection risks? are there. –  Aug 22 '19 at 07:59
  • I mean just test if there is problem in escaping.yes ,your are right, there is must in escaping strings. – FadedForEver Aug 22 '19 at 08:01
  • @YumYumYum Why this didn't work ? this should replace every `"\n"` and every `"\r"` and every space from your string, what makes you think it didn't work ? do you have sample data and expected result ? – Accountant م Aug 22 '19 at 08:04
  • @Accountant م maybe there is problem in encoding string ? – FadedForEver Aug 22 '19 at 08:06
  • `PhysicalAddress:E8-6A-64-DE-48-60PhysicalAddress:04-EA-56-08-E6-8FPhysicalAddress:06-EA-56-08-E6-8EPhysicalAddress:04-EA-56-08-E6-8EPhysicalAddress:04-EA-56-08-E6-92` - Sample data expected result. –  Aug 22 '19 at 08:06
  • @YumYumYum hey i just made code sample of my code . could you take look at that . https://www.tehplayground.com/xVFZUoHfrijj3uh6 – FadedForEver Aug 22 '19 at 08:08
  • @YumYumYum hmm, ASCII and UTF-8 will both work fine for finding these 3 chars "\r" and "\n" and space, but I'm not sure about other encodings, sorry. – Accountant م Aug 22 '19 at 08:09
  • @YumYumYum check [this answer](https://stackoverflow.com/a/3786018/5407848) – Accountant م Aug 22 '19 at 08:15
  • 1
    @YumYumYum oh I didn't notice that you are escaping the string before removing the chars you want to remove, **First** remove the chars from the original input, **second**, escape the string, or better use **prepared statements**. – Accountant م Aug 22 '19 at 08:29
  • @Accountant م i don't it works but it worth testing. – FadedForEver Aug 22 '19 at 08:31
1

Try using regex.

$request = $_POST['request'];

//Remove all characters that are not A-Z, a-z, 0-9 or '.', ':' or '-'
$request_sql = preg_replace("/[^A-Za-z0-9.:-]/", '', $request );
Enbee
  • 128
  • 9
  • `E8-6A-64-DE-48-60` from line `: and -` middle dash cant be removed, its part of original value. –  Aug 22 '19 at 07:59
  • `$request_sql = preg_replace("/[^A-Za-z0-9:-]/", '', $request );` did not worked. –  Aug 22 '19 at 08:05
  • It should work unless I am not understanding your question correctly, see [this example](https://ideone.com/HoCJqI). – Enbee Aug 22 '19 at 08:08
0

try:

$str = 'Physical Address. . . . . . . . . : E8-6A-64-DE-48-60 
Physical Address. . . . . . . . . : 04-EA-56-08-E6-8F 
Physical Address. . . . . . . . . : 06-EA-56-08-E6-8E 
Physical Address. . . . . . . . . : 04-EA-56-08-E6-8E 
Physical Address. . . . . . . . . : 04-EA-56-08-E6-92';

echo str_replace(" \n", '', $str);

Output: 

Physical Address. . . . . . . . . : E8-6A-64-DE-48-60Physical Address. . . . . . . . . : 04-EA-56-08-E6-8FPhysical Address. . . . . . . . . : 06-EA-56-08-E6-8EPhysical Address. . . . . . . . . : 04-EA-56-08-E6-8EPhysical Address. . . . . . . . . : 04-EA-56-08-E6-92

After replacing the \n you can use mysql escape string to avoid sql injection.

Chetan Ameta
  • 7,696
  • 3
  • 29
  • 44
0

The problem with your code is that mysql_real_escape_string will not only escape ' and " but it will escape other characters like \n and \r which you want to remove.

It will replace new line characters with a backslash character followed by l characters

so removing newlines, carriage return after they have been escaped will result in a string with extra backslashes \ and n and r characters.

Check out this

<?php
$originalString = 
"Line1 
Line2
";
// CASE 1 WRONG RESULT
$string1 = mysqli_real_escape_string($con, $originalString);
$string1 = str_replace("\n", '', $string1);

echo "escape then replace result \n";
echo $string1 . "\n";

//CASE 2 EXPECTED RESULT
$string2 = str_replace("\n", '', $originalString);
$string2 = mysqli_real_escape_string($con, $string2);

echo "replace then escape result \n";
echo $string2 . "\n";

this will output

escape then replace result 
Line1\nLine2\n
replace then escape result 
Line1Line2

So to correct your code

$request_sql =str_replace(["\n", "\r", " "],'', $_POST['request']);
$request= mysql_real_escape_string($request_sql);
echo $request_sql;

Please don't use mysql_real_escape_string , instead use prepared statements, here an answer for how to switch to them, they will make your life much more easier and safer.

Accountant م
  • 6,975
  • 3
  • 41
  • 61