Broad Network


Characters and Substrings in PHP

PHP String with Security Considerations - Part 4

Foreword: In this part of the series I talk about the handling of characters and sub-strings.

By: Chrysanthus Date Published: 29 Oct 2018

Introduction

This is part 4 of my series, PHP String with Security Considerations. In this part of the series I talk about the handling of characters and sub-strings. You should have read the previous parts of the series before coming here, as this is the continuation.

Remember, in a string, a space is a character.

Quoting a Character
A character can be quoted in single or double quotes, e.g. 'A' or "A". I prefer the single quotes.

ASCII Character
The ASCII character set is a set of characters with corresponding decimal numbers. These decimal numbers are ASCII codes. The following are some characters and their codes:

A - 65
B -  66
a - 97
b - 98
@ - 64
/ - 47
* -  42

The chr() Function
This function takes an ASCII code as argument and converts it into the corresponding character. It would also take a Unicode as argument and converts it into the corresponding character. The ASCII code for A is 65. The Unicode for a smiley face is 0x263a (your system may not respond well to Unicode).

Try the following code:

<?php

    $char1 = chr(65);
    $char2 = chr(0x263a);

    echo $char1, '<br>';
    echo $char2, '<br>';

?>

In my computer, the output is:

A
:

The possible arguments, range from 0 to 255.

The following code prints all ASCII characters from 32 to 126;

<?php

    for ($i=32; $i<=126; ++$i)
        echo "$i: ", chr($i), '<br>';

?>

The ord() Function
This function does the reverse of chr().

It returns the numeric value (code) of the first character of its argument.

Try the following code:

<?php

    $num = ord("Booking");
    echo $num;

?>

The output is:

    66

A string as argument should be in quotes.

Index
Index counting of the position of the characters in a string begins from zero.

Position of a Substring
A substring is a small part of the string (main string). The first occurrence of a substring is the first occurrence of the first character of the substring, looking from left to right. The last occurrence of a substring is the last occurrence of the first character of the substring. The sub-string can consist of just one character or more than one character.

Position of First Occurrence of Substring
For case-sensitive search, the syntax is

    int strpos ( string $haystack , mixed $needle [, int $offset = 0 ] )

where $haystack is the main string, $needle is the substring and $offset is the index of the main string, where search starts. The square brackets mean that $offset is optional. When absent, it defaults to zero. Negative offset (-1, -2, -3, . . .) means the search starts from the right end coming to the left.

The function returns the index of the substring (relative to the start of the main string) if found and false if the substring was not found.

Try the following code, where the phrase, 'a multipurpose' is searched:

<?php

    $substring = 'a multipurpose';
    $str = 'A Star Wars Lightsaber looks like a multipurpose weapon for the future.';
    $indx = strpos($str, $substring);

    echo $indx;

?>

The argument to the strpos function is the main string.

The output is 34.

Position of Last Occurrence of Substring
For case-sensitive search, the syntax is:

    int strrpos ( string $haystack , mixed $needle [, int $offset = 0 ] )

It returns the index if the substring was found or false if the substring was not found. Try the following:

<?php

    $subStr = 'cat';
    $str = "A cat is an animal. A cat is a creature.";
    $lastIndx = strrpos($str, $subStr);
    echo $lastIndx;

?>

The output is:

22

The substr() Function
This function returns part of a string. The syntax is:

    string substr ( string $string , int $start [, int $length ] )

Try the following code:

<?php

    $str = 'one two three four five';
    $ret = substr($str, 14);
    echo $str, '<br>';
    echo $ret, '<br>';

?>

The output is:

    one two three four five
    four five

If $length of the syntax is omitted, the rest of the string from $start is returned.

The function returns the part of the string beginning from the index position, $start. If the optional $length argument is given, the number of $length characters, beginning form $start is returned. The original string remains unchanged. Try the following code:

<?php

    $str = 'one two three four five';
    $ret = substr($str, 14, 4);
    echo $str, '<br>';
    echo $ret, '<br>';

?>

The output is:

    one two three four five
    four

Now, if a substring is found, the substring is returned; if no substring is found the empty string ('') is returned. If an error is detected; for example, if the length of the string is less than the start index, false is returned.

The substr_replace() Function
The substring matched, can be replaced. The syntax for the function to do this is:

    mixed substr_replace ( mixed $string , mixed $replacement , mixed $start [, mixed $length ] )

<?php

    $str = 'one two three four five';
    $ret = substr_replace($str, 'ffff', 14, 4);
    echo $str, '<br>';
    echo $ret, '<br>';

?>

The output is:

    one two three four five
    one two three ffff five

If the replacement string is longer than $length, then the rest of the string is pushed to the right, while all the replacement is inserted. The replacement can be shorter than length ($length is still removed). Note that $length of the syntax, is optional (if you want insertion, only, make $length, 0).

There is more to the syntax (as regards mixed arguments) than I have said; consult the manual for the rest of the information. Square brackets in argument list always mean that the argument is optional.

The str_replace() Function
The above functions replace one occurrence of the substring. The str_replace() function replaces all the occurrences of the substring. It is case-sensitive. The syntax is:

    mixed str_replace ( mixed $search , mixed $replace , mixed $subject [, int &$count ] )

$count is the number of replacement you want. Do not worry about the & for now. Replacement begins from the left of the main string. Try the following code:

<?php

    $str = 'The dog is here. The dog is big. The dog is brown.';
    $search = 'dog';
    $replace = 'cat';
    $ret = str_replace($search, $replace, $str);
    echo $str, '<br>';
    echo $ret, '<br>';

?>

The output is:

    The dog is here. The dog is big. The dog is brown.
    The cat is here. The cat is big. The cat is brown.

As you can see from the output, the return main string has the replacements, while the original string remains unchanged.

There is more to the syntax (as regards mixed arguments) than I have said; consult the manual for the rest of the information.  There is the case-insensitive version of this function; consult the manual.

That is it for this part of the series. We take a break here and continue in the next part.

Chrys


Related Links

Basics of PHP with Security Considerations
White Space in PHP
PHP Data Types with Security Considerations
PHP Variables with Security Considerations
PHP Operators with Security Considerations
PHP Control Structures with Security Considerations
PHP String with Security Considerations
PHP Arrays with Security Considerations
PHP Functions with Security Considerations
PHP Return Statement
Exception Handling in PHP
Variable Scope in PHP
Constant in PHP
PHP Classes and Objects
Reference in PHP
PHP Regular Expressions with Security Considerations
Date and Time in PHP with Security Considerations
Files and Directories with Security Considerations in PHP
Writing a PHP Command Line Tool
PHP Core Number Basics and Testing
Validating Input in PHP
PHP Eval Function and Security Risks
PHP Multi-Dimensional Array with Security Consideration
Mathematics Functions for Everybody in PHP
PHP Cheat Sheet and Prevention Explained
More Related Links

Cousins

BACK NEXT

Comments