strip defined character from string

Question

im having a odd problem os my website, i have a script that records all the searchs and insert those search words on database, the problem is that since search engine robots started sneaking around my website, they make my script to produce search keywords like "search keywords////////////////////////////////////////////////" I want to strip that characteres ( ////////// ) before indexed on mysql.

This is what i have:

$search=htmlspecialchars($_GET['load']); 
$say=mysql_query("SELECT * FROM madvideo WHERE MATCH (baslik) AGAINST ('*$search*' IN BOOLEAN MODE)"); 
$saydim=mysql_num_rows($say);
$count = $saydim;
$page = !empty($_GET["page"]) ? intval($_GET["page"]) : 1;
$s = ($page-1)*$perpage;
$sayfasayisi=ceil($count/$perpage);
if(ayaral("Arananlar-Kaydet")=="1") {
$ekle=cevir($search);
@mysql_query("insert into tag (baslik,tr,tarih) values ('$search','$ekle',now()) "); }

The variable " $search " will call the search word, and i dont know whats the strip syntax i have to use to strip that nasty ///////// character.

EDIT: the code that creates the words is this:

$vtitle = str_replace("\r\n\r\n", ' ', $vtitle); 

$words = explode(' ', $vtitle); 

$k = count($words); 
$k3 = ceil($k/3); 

$new = array(); 
for ($i=0; $i<$k; $i+=$k3) { 
    $new[] = join(' ', array_slice($words,$i, $k3)); 
} 
$tag1 = $new[0]; 
$tag2 = $new[1]; 
$tag3 = $new[2];

Please, don't use `mysql_*` functions anymore, they're being deprecated. Checkout `PDO` or `mysqli_` and use prepared statements. Meanwhile `str_replace('/','',$stirng);` should work — Elias Van Ootegem, Sep 28 '12 at 09:06
Use post forms, not get forms. Otherwise you are asking for such trouble your own, looks like you re-linked the search and made a mistake with that. Also what did you try so far, you only have given a description of your issue. — hakre, Sep 28 '12 at 09:15

Develoger · Answer 1 · 2012-09-28T12:27:23.690

1

EDIT:

Real example...

<?php

if(isset($_REQUEST['str'])) {

    $search = $_REQUEST['str'];

    $ser_chk = strpos($search, "/");
    if ($ser_chk > -1) {
    $search = str_replace("/", "", $search);
    }

}

?>

<h1><?php print $search; ?></h1>

<form action="" method="post">

<input type="text" size="100" value="search keywords////////////////////////////////////////////////" name="str" />
<input type="submit" />

</form>

LINK TO TEST: http://simplestudio.rs/tsto.php

At least do:

$search = mysql_real_escape_string($search);

Also you can check for that characters and if founded just replace them with empty string.

$ser_chk = strpos($search, "/");
if ($ser_chk > -1) {
$search = str_replace("/", "", $search);
}

edited Sep 28 '12 at 12:27

answered Sep 28 '12 at 09:04

Develoger

3,950
2
24
38

What exactly have you tested? – Develoger Sep 28 '12 at 12:10
Well i tested your whole code since the variables are the same im using. but the /// characters are still not being stripped :S – Dani Queiroga Sep 28 '12 at 12:19

jsist · Accepted Answer · 2012-09-28T13:19:13.697

1

Use MySQL TRIM function to remove from end of the string as follows:

TRIM(TRAILING '/' FROM <string>)

@mysql_query("insert into tag (baslik,tr,tarih) 
values (TRIM(TRAILING '/' FROM '$search'),'$ekle',now())")

To trim from both beginning and ending, use following

TRIM(BOTH '/' FROM <string>)

@mysql_query("insert into tag (baslik,tr,tarih) 
values (TRIM(BOTH '/' FROM '$search'),'$ekle',now())")

To remove all occurences of the string use REPLACE function as follows:

REPLACE(<string>, '/', '')

@mysql_query("insert into tag (baslik,tr,tarih) 
values (REPLACE('$search', '/',''),'$ekle',now())")

Hope it helps...

edited Sep 28 '12 at 13:19

answered Sep 28 '12 at 09:07

jsist

5,223
3
28
43

Thanks shubhansh, that worked for the /// at the end of the text, but i noticed that this issue also happens on text that have the /// characteres like: word/´s////. How can i remove all the //// characteres? Regards – Dani Queiroga Sep 28 '12 at 12:06
I tested /////word and the characteres still remain. This is really wierd, i cant figure it out why these //// are being produced when the bots hit the page. i will post my script that creates these words. Thanks – Dani Queiroga Sep 28 '12 at 12:27
I just checked but it turns me this error: Parse error: syntax error, unexpected '"' in /usr/home/myuser/domains/mydomain.com/public_html/search.php on line 30 i tryed to fix it by removing one " but dont work. Thanks for your patience EDIT: the line of the output error is the same we are working here – Dani Queiroga Sep 28 '12 at 13:06
Just a dumb question, im not using the first line you provided: TRIM(TRAILING '/' FROM ) because it was trowing an error, so i removed and your first fix was working, this last one is giving me the error i mentioned on previous reply – Dani Queiroga Sep 28 '12 at 13:15
Use single quotes, in place of double quotes, i forgot you are using PHP. I have edited my answer check that out... – jsist Sep 28 '12 at 13:19
I did as you mentioned but now is not working at all, theres no output error but just dont replace the characteres. What a bummer – Dani Queiroga Sep 28 '12 at 14:21
Sorry, its working properly, i was testing in a old php file. Thanks so much for your efforts on trying to help me. You saved my week. Sincerely – Dani Queiroga Sep 28 '12 at 14:55
I just accepted yours, thanks. Please tell me, if i need to replace more characteres how should i use? i was trying you fix this way: @mysql_query("insert into tag (baslik,tr,tarih) values (REPLACE('$search', '/\',''),'$ekle',now())"); } but dont replace the \ characteres only the /. – Dani Queiroga Sep 28 '12 at 15:08
You will be required to do mysql_real_escape, if you are having '\' in string, '\' is mysql escape character. After that you can do as follows: @mysql_query("insert into tag (baslik,tr,tarih) values (REPLACE(REPLACE('$search', '\\',''),'/',''),'$ekle',now())"); } – jsist Sep 28 '12 at 15:15
Is it working if you don't use mysql_real_escape_string? Check if return value from mysql_real_escape_string is not FALSE? Try using mysql_escape_string or addslashes function? try debugging value of $search after mysql_real_escape_string? – jsist Sep 28 '12 at 17:09
I really tought the problem was at the end of word, but i just noticed this only happens on words that have the ´ accent, like word´s it will turn word\\\\\\´s. I think im going to drop this option. Thanks for everything – Dani Queiroga Sep 28 '12 at 18:24

score 1 · Answer 3 · answered Sep 28 '12 at 09:08

1

If the / characters appear always at the end of the $search, you can use rtrim using the second (optional) parameter:

$search = "search keywords////////////////////////////////////////////////";
$search = rtrim($search, '/ ');
echo $search; // prints 'search keywords'

answered Sep 28 '12 at 09:08

Carlos Campderrós

22,354
11
51
57

They appear at the end, and when the text have the ` symbol. ie: word/´s. Thanks Carlos – Dani Queiroga Sep 28 '12 at 12:14

score 0 · Answer 4 · answered Sep 28 '12 at 09:03

0

$regex = "/\//";
$string = "////search";
$string = preg_replace($regex, '', $string);

echo $string;

answered Sep 28 '12 at 09:03

Riz

9,703
8
38
54

score 0 · Answer 5 · answered Sep 28 '12 at 09:16

0

The flexible solution for character repetition will be a regular expression.

$output = preg_replace('/\/[\/]+/', '/'. $input);

It will handle any number of "/" and replace it with a single "/".

answered Sep 28 '12 at 09:16

Lukasz Kujawa

3,026
1
28
43

I need to remove all the / because in the current environment its not suposed to have this. I Appreciate your time – Dani Queiroga Sep 28 '12 at 13:18

strip defined character from string

5 Answers5