Remove new lines with preg_replace

I am trying to remove new lines from form data to stop it being used to spam


$_POST['email'] = preg_replace("/\
/", " ", $_POST['email']);
$_POST['email'] = preg_replace("/\\r/", " ", $_POST['email']);
$_POST['email'] = str_replace("bcc:"," ",$_POST['email']);

I am using this code but when I test it the bcc is removed, but
or \r still comes through. I have tried replacing the preg_replace with str_replace and still get the same.

Any suggestions why this isnt working. Do I need to add extra characters to mark the new lines as code rather than text

Thanks
Dave

You should really use str_replace for a simple replace. But then you need to remove the regex syntax.


$email= str_replace(array("\
", "\\r", "bcc:"), " ", $_POST['email']);

For PCRE to work with multiple lines there is an additional switch required. Have a look at the PHP manual.

That’s the [I]m[/I] modifier.

I am using this code but when I test it the bcc is removed, but
or \r still comes through.
Impossible.

$_POST['email'] = <<<LONGSTRING
See Dick run.
See Jane run.
See Dick run after Jane.
myaccount@yahoo.com
bcc: you@yoohoo.com
LONGSTRING;

$_POST['email'] = preg_replace("/\
/", " ", $_POST['email']);
$_POST['email'] = preg_replace("/\\r/", " ", $_POST['email']);
$_POST['email'] = str_replace("bcc:"," ",$_POST['email']);

echo $_POST['email'];

output:

See Dick run. See Jane run. See Dick run after Jane. myaccount@yahoo.com you@yoohoo.com

I have been having the same problem; You see on the forums to try and stop spaming do as dmg was doing.

But I have done some tests and if I try to remove
\r bcc from a string it will only remove the bcc. BUT trying 7stud’s example it works OK.

Is this because I have hard coded the \r &
into my string rather than using an end of line ? But the spammers write it as

etc. rather than ending the line ?

Anthony


$test1 = 'me@home.com \\r\
 bcc: me@work.com';

echo "Original string 1 = ".$test1."<br>";

$email1= str_replace(array("\
", "\\r", "bcc:"), " ", $test1);

echo "Modified string 1 = ".$email1."<br>";

$test2 = 'me@home.com
bcc: me@work.com';

echo "Original string 2 = ".$test2."<br>";

$email2= str_replace(array("\
", "\\r", "bcc:"), " ", $test2);

echo "Modified string 2 = ".$email2."<br>";

Output =
Original string 1 = me@home.com \r
bcc: me@work.com
Modified string 1 = me@home.com \r
me@work.com
Original string 2 = me@home.com bcc: me@work.com
Modified string 2 = me@home.com me@work.com

its because the string litterally has \r
in it, not a CRLF

when you use single quotes, php wont parse \r
into CRLF, it will leave them as a litteral.

this would work
$test1 = “me@home.com \r
bcc: me@work.com”;

http://us3.php.net/types.string

Thanks for the replies. I think my problem must be a difference between
as text and an actual newline. Either in what the the code is looking for or what I am using as test data!

7studs example works when its in a single file, but not when the info is posted through from a form in another file.

I got crashmakerMX’s code to work by using an extra backslash but am not sure if this is clearing
or a new line

$email= str_replace(array("\\\
", "\\\\r", "bcc:"), " ", $_POST['email']);

Any suggestions for working out where I am going wrong?

I got crashmakerMX’s code to work by using an extra backslash but am not sure if this is clearing
or a new line

A slash is a special character. Sometimes it will cause php to ‘escape’ the character following the slash. When you escape certain characters, it has a special meaning. If you don’t want php to interpret a slash as a signal to escape the next character, i.e. you want php to see a literal slash, then you escape the slash, e.g. \\.

Since you need to remove literal slashes and n’s and r’s from your string, escape the slash.

Thanks 7stud

Is it possible to make str_replace case insensitive. My host is using php4 so I cant use str_ireplace. Otherwise my array of text to look for is going to be very long bcc, Bcc BCC etc

Is it possible to make str_replace case insensitive. My host is using php4 so I cant use str_ireplace.

Then use preg_replace() instead.