How to escape $ in PHP using preg_replace?

Question

I am using preg_replace to escape special characters:

$tmpStr=preg_replace("/\?/", "\?", $tmpStr);
$tmpStr=preg_replace("/\#/", "\#", $tmpStr);
$tmpStr=preg_replace("/\^/", "\^", $tmpStr);
$tmpStr=preg_replace("/\&/", "\&", $tmpStr);
$tmpStr=preg_replace("/\*/", "\*", $tmpStr);
$tmpStr=preg_replace("/\(/", "\(", $tmpStr);
$tmpStr=preg_replace("/\)/", "\)", $tmpStr);
$tmpStr=preg_replace("/\//", "\/", $tmpStr);

But I am not able to escape $ using the same function:

$tmpStr=preg_replace("/\$/", "\$", $tmpStr);

And also when I use the above statement all the spaces get replaced by $ and $ is not getting escaped.

How do I escape the dollar sign correctly?

score 14 · Accepted Answer · answered Apr 20 '09 at 10:42

14

I would strongly recommend using preg_quote() instead.

answered Apr 20 '09 at 10:42

soulmerge

73,842
19
118
155

1

I would find this answer more helpful if it gave the rationale for using preg_quote instead of preg_replace. Also, it would be nice to know why the preg_replace approach didn't work for escaping the dollar sign. – Syntax Junkie Oct 19 '16 at 20:52
1

@RandallStewart "preg_quote instead of preg_replace"? Those two functions are not replaceable, you can't use one instead of the other, you use `preg_quote` to escape values in regular expression strings (used inside of `preg_replace`) – Brian Leishman Jul 27 '17 at 20:05
This will produce bugs in other places. For example `‌‌preg_replace('/\{\s*price\s*\}/', preg_quote('$100.00'), 'it cost {price}');` will return `‌it cost $100\.00` instead of the expected `‌it cost $100.00` – Peter Ajtai May 09 '18 at 23:12
2

@PeterAjtai: I think you misunderstood the purpose of `preg_quote()`: It is not for the *second* parameter of `preg_replace()`, but for the *first*. Please re-read the question and the documentation of `preg_quote()` (the second example might be especially useful for fully understanding the issue at hand) – soulmerge May 14 '18 at 07:23
Thanks @soulmerge I see the difference. – Peter Ajtai May 15 '18 at 03:41
This can not be used in conjuction with ```preg_replace``` as it leaves slashes in front of other special chars. – Rik Verbeek Nov 15 '22 at 10:23

score 9 · Answer 2 · answered Aug 23 '11 at 18:31

9

The correct answer is that you must escape the backslash and the dollar sign in the regex using PHP's escape characters.

backslash = \\
dollar sign = \$

$tmpStr=preg_replace("/\\\$/", "\\$", $tmpStr);

This is useful for anyone that needs to match a string that contains a dollar sign.

answered Aug 23 '11 at 18:31

Sal

191
1
2

1

I think this should be the correct answer to the question also with the explanation, because in my case also preg_quote had a problem with replacing with the dollar sign and this double escaped version solved it. – Mochi Jun 22 '20 at 12:14

amphetamachine · Answer 3 · 2010-05-22T03:09:21.243

Looks like your problem is one of escaping. Single quotes (') in PHP work differently than double quotes ("). It's a lot like in Perl, where variable interpolation does not happen in singly-quoted strings, and the dollar sign ($) is not a meta-character:

print "\$"; # prints $
print '\$'; # prints \$

Also, Perl's character classes will simplify your code:

$tmpStr = preg_replace('/([?#^&*()$\\/])/', '\\\\$1', $tmpStr);

score 4 · Answer 4 · answered Apr 20 '09 at 10:43

4

The $ sign has to be escaped with itself so

$tmpStr=preg_replace("/$$/", "\$", $tmpStr);

I would also advise to look to addslashes instead.

answered Apr 20 '09 at 10:43

Peter Smit

27,696
33
111
170

score 2 · Answer 5 · edited Nov 01 '12 at 10:33

2

Yes, it does seem that \\$ is seen by PHP as $ in a double-quoted string. That means you have to make PHP see a \$ by saying \\\$ .

I just tried preg_replace("/\\\$$k\\\$/", $v, $data) and indeed it works (replaces occurrences of $KEY$ with VALUE.

edited Nov 01 '12 at 10:33

j0k

22,600
28
79
90

answered Nov 01 '12 at 10:13

katushkin

21
2

score 0 · Answer 6 · answered Apr 20 '09 at 10:38

0

IIRC you replace $ with $. So it should be $$

You can also try

$tmpStr=preg_replace('/\$/', '\$', $tmpStr);

answered Apr 20 '09 at 10:38

Ólafur Waage

68,817
22
142
198

score 0 · Answer 7 · answered Apr 20 '09 at 10:47

isn't it true that PHP sees \$ as $ ? I haven't tested this out, it might go like this;

php is first, and replaces your "/\$/" with "/$/" then the preg engine does it's magic .. unfortunately, $ is a regular expression operator ( I believe it matches the end of a string?), so it doesn't find the $-characters in your text but will

I think, what you need to do, is to doubble escape the $-character like so;

$tmpStr=preg_replace("/\$/", "\$", $tmpStr);

Also .. in this case, I would have just used str_replace()

score -1 · Answer 8 · edited Mar 17 '16 at 08:16

-1

$pattern = preg_replace('/\$(.+)/', '\\\$$1', $pattern);

edited Mar 17 '16 at 08:16

Andreas Louv

46,145
13
104
123

answered Mar 17 '16 at 07:49

mMo

233
2
10

Could you add some details regarding your code and it how addresses the problem(s) in the question? Code only answers are not very useful, especially for future readers that stumble upon this post. Thanks, – Cristik Mar 17 '16 at 08:06

score -2 · Answer 9 · edited Feb 03 '15 at 16:20

-2

In PHP, for the particular case of "$" used in HTML, you can also do a previous replace for its entity:

$tmpStr = str_replace('$', '&amp;#36;',$tmpStr);

edited Feb 03 '15 at 16:20

lennon310

12,503
11
43
61

answered Feb 03 '15 at 16:00

Germán

1
1

score -2 · Answer 10 · answered Jun 12 '15 at 13:48

-2

Try a addslashes() ?

Check php.net / addslashes()

answered Jun 12 '15 at 13:48

KingRider

2,140
25
23

How to escape $ in PHP using preg_replace?

10 Answers10

Linked