我需要一个干净的字符串来自字符串 我只想要Numbers / Persian / Latin
function clean($str) {
global $mysqli;
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysqli_real_escape_string($mysqli,preg_replace("/^(?!.*[(@#!%$&*)])[A-Za-z\s\x{0600}-\x{06FF}0-9_\.\-]+$/u","",$str));
}
echo clean('a|"bc!@£d012e^&$ییییfg');
i want this =>//echo abcd012eییییfg
i dont want have any => ( @,#,!,%,$,&,|,",£,^* )
答案 0 :(得分:0)
给它一个旋转。它只使用正则表达式:
function clean($str){
$re = "/([0-9a-zA-Z\x{600}-\x{6FF}])/u";
preg_match_all($re, $str, $matches);
return isset($matches[0]) ? implode($matches[0]) : '';
}
echo clean('a|"bc!@£d012e^&$ییییfg');
// output: abcd012eییییfg
echo clean('a|"bc!@Β£d艾β012艾e^&$ییییfg');
// output: abcd012eییییfg
如指出here,波斯字符介于600和6FF之间
您可以看到它here:https://3v4l.org/arLMj
答案 1 :(得分:0)
您可以尝试以下正则表达式:
function clean($mysqli,$str) {
//global $mysqli; //pass this as a parameter
if (!is_string($str)) {
return "";
}
$str = trim($str); //Don't need to suppress errors
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysqli_real_escape_string($mysqli,preg_replace("/[^0-9a-zA-Z\x{600}-\x{6FF}]/u","",$str));
}
作为补充说明:
不要使用mysqli_real_escape_string作为清理用户输入的方法,它不能被信任,特别是在处理UTF-8输入时,不要使用预准备语句。
详细说明:
假设你有代码:
$sql = "INSERT INTO table VALUES(".clean($value).")";
将其更改为:
$sql = "INSERT INTO table VALUES(?)";
if (($s=$mysqli->prepare($sql)) {
$stmt->bind_param("s", preg_replace("/[^0-9a-zA-Z\x{600}-\x{6FF}]/u","",$value)); //MySQL will clean it up.
$stmt->execute();
}