-1

I must do an insert query into a MySQL table but I cannot do that because the text that I must insert is in the following format:

    Pas d\'informationrd <table border='1' cellpadding='3' cellspacing='0'>
                    <tr style='text-align:center;'><th rowspan=2>Nom de la pièce</th> <th rowspan=2>Référence</th> <th rowspan=2>Prix</th>
                    <th colspan='3' style='text-align:center;'>Operations</th></tr><tr><th style='text-align:center;' width='100px'>Code opération</th><th style='text-align:center;' width='100px'>Libellé</th><th style='text-align:center;' width='100px'>Temps</th></tr><tr><td></td><td></td><td></td><td></td><td></td><td></td></tr><tr><td style='height: 70px'>Commentaire</td><td style='height: 70px' colspan=5></td></tr></table><br>Pas d\'informationrd <table border='1' cellpadding='3' cellspacing='0'>

As you may notice, sometimes there are the following characters " \' " and sometimes " ' ".

I tried a PHP replace in the following way:

    $response_decoded = str_replace("\\","", $row["ope_response"]);
    $text = str_replace("\\","", $row["text"]);
    $response_decoded = str_replace("'","\'", $row["ope_response"]);
    $text = str_replace("'","\'", $row["text"]);

But it didn't work because I only added a " \ " everywhere:

    <br>Pas d\\'informationrd <table border=\'1\' cellpadding=\'3\' cellspacing=\'0\'>
                    <tr style=\'text-align:center;\'><th rowspan=2>Nom de la pièce</th> <th rowspan=2>Référence</th> <th rowspan=2>Prix</th>
                    <th colspan=\'3\' style=\'text-align:center;\'>Operations</th></tr><tr><th style=\'text-align:center;\' width=\'100px\'>Code opération</th><th style=\'text-align:center;\' width=\'100px\'>Libellé</th><th style=\'text-align:center;\' width=\'100px\'>Temps</th></tr><tr><td></td><td></td><td></td><td></td><td></td><td></td></tr><tr><td style=\'height: 70px\'>Commentaire</td><td style=\'height: 70px\' colspan=5></td></tr></table><br>Pas d\\'informationrd <table border=\'1\' cellpadding=\'3\' cellspacing=\'0\'>

As you can imagine, I must substitute every " ' " with " \' " and at the same time every " \' " must remain " \' ".

Can anyone help?

Michele Della Mea
  • 1
    Backslashes aren't a problem at all when inserting text in a database. I suspect your application is vulnerable to SQL injection and that's trivial to fix. Removing slashes will damage your data and won't solve SQL injection anyway so your app will crash randomly. – Álvaro González Aug 31 '20 at 14:37
  • Yep I know... I will do a new application to solve those problems! – Michele Della Mea Aug 31 '20 at 14:58
  • When I said trivial I meant literally that. You don't need a full rewrite. – Álvaro González Aug 31 '20 at 15:00
  • How would you solve the SQL injection problem with a trivial method? – Michele Della Mea Sep 01 '20 at 07:53
  • 1
    Your DB code probably looks like `$conn->query("SELECT * FROM data WHERE name = '$name'")`. Make it like `$conn->prepare('SELECT * FROM data WHERE name = ?')->execute([$name]);`. The exact syntax depends on how you connect to MySQL, more info [here](https://stackoverflow.com/q/60174/13508). – Álvaro González Sep 01 '20 at 07:58
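
The parameter binding suggested in the comments above, as an added example that is not part of the original thread: the text is passed as a bound value, so a mix of `\'` and `'` is stored byte for byte without any `str_replace()`. Assumptions: PDO is used, an in-memory SQLite database stands in for MySQL so the script runs offline, the table name `operations` is hypothetical, and the sample rows are constructed.

```php
<?php
// Added example. SQLite in memory stands in for MySQL; for MySQL only the DSN
// changes, e.g. new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Hypothetical table; the column names follow the $row keys used in the question.
$pdo->exec('CREATE TABLE operations (id INTEGER PRIMARY KEY, ope_response TEXT, text TEXT)');

// Constructed sample rows mixing \' and ' the way the question's data does.
$rows = [
    ['ope_response' => "Pas d\\'informationrd <table border='1' cellpadding='3'>",
     'text'         => "<tr style='text-align:center;'><th rowspan=2>Prix</th></tr>"],
    ['ope_response' => "already escaped \\' next to a bare ' quote",
     'text'         => "ends with a backslash \\"],
];

$insert = $pdo->prepare(
    'INSERT INTO operations (ope_response, text) VALUES (:resp, :text)'
);
$select = $pdo->prepare('SELECT ope_response, text FROM operations WHERE id = ?');

foreach ($rows as $row) {
    // The values travel separately from the SQL text, so quotes and
    // backslashes in them are data, never syntax. No manual escaping.
    $insert->execute([':resp' => $row['ope_response'], ':text' => $row['text']]);
    $id = (int) $pdo->lastInsertId();

    // Read the row back and compare it with what was passed in.
    $select->execute([$id]);
    $stored = $select->fetch(PDO::FETCH_ASSOC);
    $ok = $stored['ope_response'] === $row['ope_response']
       && $stored['text'] === $row['text'];

    printf("row %d: %s\n", $id, $ok ? 'stored unchanged' : 'MISMATCH');
    if (!$ok) {
        exit(1);
    }
}
```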

2 Answers

0

If you want to insert into the database:

json_encode()

Decodes a JSON string

json_decode()
Anhnt
0

Finally I solved it... I forgot to concatenate the variables:

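    // Work on copies of the row values
    $response_decoded = $row["ope_response"];
    $text = $row["text"];
    // Put a backslash in front of every single quote
    $response_decoded = str_replace("'","\'", $response_decoded);
    $text = str_replace("'","\'", $text);
    // Quotes that already had a backslash now have two: collapse \\' back to \'
    $response_decoded = str_replace("\\\'","\'", $response_decoded);
    $text = str_replace("\\\'","\'", $text);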
Michele Della Mea