Last updated: Fri, 20 Nov 2009

preg_replace

(PHP 4, PHP 5)

preg_replace — Perform a regular expression search and replace

Description

mixed preg_replace ( mixed $pattern , mixed $replacement , mixed $subject [, int $limit = -1 [, int &$count ]] )

Searches subject for matches to pattern and replaces them with replacement .

Parameters

pattern

The pattern to search for. It can be either a string or an array with strings.

The e modifier makes preg_replace() treat the replacement parameter as PHP code after the appropriate references substitution is done. Tip: make sure that replacement constitutes a valid PHP code string, otherwise PHP will complain about a parse error at the line containing preg_replace().

replacement

The string or an array with strings to replace. If this parameter is a string and the pattern parameter is an array, all patterns will be replaced by that string. If both pattern and replacement parameters are arrays, each pattern will be replaced by the replacement counterpart. If there are fewer elements in the replacement array than in the pattern array, any extra pattern s will be replaced by an empty string.

replacement may contain references of the form \\n or (since PHP 4.0.4) $n, with the latter form being the preferred one. Every such reference will be replaced by the text captured by the n'th parenthesized pattern. n can be from 0 to 99, and \\0 or $0 refers to the text matched by the whole pattern. Opening parentheses are counted from left to right (starting from 1) to obtain the number of the capturing subpattern. To use backslash in replacement, it must be doubled ("\\\\" PHP string).

When working with a replacement pattern where a backreference is immediately followed by another number (i.e.: placing a literal number immediately after a matched pattern), you cannot use the familiar \\1 notation for your backreference. \\11, for example, would confuse preg_replace() since it does not know whether you want the \\1 backreference followed by a literal 1, or the \\11 backreference followed by nothing. In this case the solution is to use \${1}1. This creates an isolated $1 backreference, leaving the 1 as a literal.

When using the e modifier, this function escapes some characters (namely ', ", \ and NULL) in the strings that replace the backreferences. This is done to ensure that no syntax errors arise from backreference usage with either single or double quotes (e.g. 'strlen(\'$1\')+strlen("$2")'). Make sure you are aware of PHP's string syntax to know exactly how the interpreted string will look like.

subject

The string or an array with strings to search and replace.

If subject is an array, then the search and replace is performed on every entry of subject , and the return value is an array as well.

limit

The maximum possible replacements for each pattern in each subject string. Defaults to -1 (no limit).

count

If specified, this variable will be filled with the number of replacements done.

Return Values

preg_replace() returns an array if the subject parameter is an array, or a string otherwise.

If matches are found, the new subject will be returned, otherwise subject will be returned unchanged or NULL if an error occurred.

Changelog

Version	Description
5.1.0	Added the `count` parameter
4.0.4	Added the '$n' form for the `replacement` parameter
4.0.2	Added the `limit` parameter

Examples

Example #1 Using backreferences followed by numeric literals


<?php
$string = 'April 15, 2003';
$pattern = '/(\w+) (\d+), (\d+)/i';
$replacement = '${1}1,$3';
echo preg_replace($pattern, $replacement, $string);
?>

The above example will output:

April1,2003

Example #2 Using indexed arrays with preg_replace()


<?php
$string = 'The quick brown fox jumped over the lazy dog.';
$patterns[0] = '/quick/';
$patterns[1] = '/brown/';
$patterns[2] = '/fox/';
$replacements[2] = 'bear';
$replacements[1] = 'black';
$replacements[0] = 'slow';
echo preg_replace($patterns, $replacements, $string);
?>

The above example will output:

The bear black slow jumped over the lazy dog.

By ksorting patterns and replacements, we should get what we wanted.


<?php
ksort($patterns);
ksort($replacements);
echo preg_replace($patterns, $replacements, $string);
?>

The above example will output:

The slow black bear jumped over the lazy dog.

Example #3 Replacing several values


<?php
$patterns = array ('/(19|20)(\d{2})-(\d{1,2})-(\d{1,2})/',
                   '/^\s*{(\w+)}\s*=/');
$replace = array ('\3/\4/\1\2', '$\1 =');
echo preg_replace($patterns, $replace, '{startDate} = 1999-5-27');
?>

The above example will output:

$startDate = 5/27/1999

Example #4 Using the 'e' modifier


<?php
preg_replace("/(<\/?)(\w+)([^>]*>)/e", 
             "'\\1'.strtoupper('\\2').'\\3'", 
             $html_body);
?>

This would capitalize all HTML tags in the input text.

Example #5 Strip whitespace

This example strips excess whitespace from a string.


<?php
$str = 'foo   o';
$str = preg_replace('/\s\s+/', ' ', $str);
// This will be 'foo o' now
echo $str;
?>

Example #6 Using the count parameter


<?php
$count = 0;

echo preg_replace(array('/\d/', '/\s/'), '*', 'xp 4 to', -1 , $count);
echo $count; //3
?>

The above example will output:

xp***to
3

Notes

Note: When using arrays with pattern and replacement , the keys are processed in the order they appear in the array. This is not necessarily the same as the numerical index order. If you use indexes to identify which pattern should be replaced by which replacement , you should perform a ksort() on each array prior to calling preg_replace().


if you are using the preg_replace with arrays, the replacements will apply as subject for the patterns later in the array. This means replaced values can be replaced again.



Example:

<?php

$text = 'We want to replace BOLD with the <boldtag> and OLDTAG with the <newtag>';



$patterns = array('/BOLD/i', '/OLDTAG/i');

$replacements = array('<boldtag>', '<newtag>');



echo preg_replace ($patterns, $replacements, $text);

?>



Output:

We want to replace <b<newtag>> with the <<b<newtag>>tag> and <newtag> with the <newtag>



Look what happend with BOLD.

alammar at gmail dot com
24-Jul-2009 04:02


I was writing a web crawler and wanted to limit its range to one website. I needed to dynamically escape the urls so I wrote the following function:



<?php



//Escape a string to be used as a regular expression pattern

//Ex: escape_string_for_regex('http://www.example.com/s?q=php.net+docs')

// returns http:\/\/www\.example\.com\/s\?q=php\.net\+docs

function escape_string_for_regex($str)

{

        //All regex special chars (according to arkani at iol dot pt below):

        // \ ^ . $ | ( ) [ ]

        // * + ? { } ,

        

        $patterns = array('/\//', '/\^/', '/\./', '/\$/', '/\|/',

 '/\(/', '/\)/', '/\[/', '/\]/', '/\*/', '/\+/', 

'/\?/', '/\{/', '/\}/', '/\,/');

        $replace = array('\/', '\^', '\.', '\$', '\|', '\(', '\)', 

'\[', '\]', '\*', '\+', '\?', '\{', '\}', '\,');

        

        return preg_replace($patterns,$replace, $str);

}



?>

marco dot demaio at vanylla dot it
24-Jul-2009 05:56


Maybe it's better to avoid using \w and \W character class matches because they behave differently depending on locale server settings, therefore you will end up with a regular expression match that changes its behavior depending upon server settings.



<?php

   /*

   according to most websites the regexp sintax [\w] is identical to [A-Za-z0-9_]

   

   See:

   http://en.wikipedia.org/wiki/Regular_expression

   http://msdn.microsoft.com/en-us/library/1400241x(VS.85).aspx   

   */

   

   $result1 = preg_replace('/[A-Za-z0-9_]*/', '', "test àèìòù test");   

   $result2 = preg_replace('/\w*/', '', "test àèìòù test");

      

   echo "<pre>[" . $result1 . "]</pre>"; //ok, it shows: "[ àèìòù ]"

   echo "<pre>[" . $result2 . "]</pre>"; //WARNING on server other than UK/US locale, it shows: "[  ]"

   

   /*

   Why does this happen?

   preg_replace uses Perl Compatible Regular Expressions and NOT POSIX regular exp sintax.

   Therefore a minor difference is that in the former one the \w charcater class matches also

   the accented characters depending on locale settings.

   

   See: http://perldoc.perl.org/perlre.html#Regular-Expressions

   */

?>

mybodya at gmail dot com
14-Jul-2009 06:40


This works fine for windows, linux and mac, encoding cp1251





<?php


function valid_filename($str)


    return preg_replace('/[^0-9a-zа-яіїё\`\~\!\@\#\$\%\^\*\(\)\; \,\.\'\/\_\-]/i', ' ',$str);


}


?>





can be used html without htmlspetialchars()

spcmky at gmail dot com
24-Apr-2009 09:15


Using this for SEO urls. I had to modify it a bit to get through the word wrap.  Pretty sure you can one line it a lot of it.



<?php

public static function encodeUrlParam ( $string )

{

  $string = trim($string);

    

  if ( ctype_digit($string) )

  {

    return $string;

  }

  else 

  {      

    // replace accented chars

    $accents = '/&([A-Za-z]{1,2})(grave|acute|circ|cedil|uml|lig);/';

    $string_encoded = htmlentities($string,ENT_NOQUOTES,'UTF-8');



    $string = preg_replace($accents,'$1',$string_encoded);

      

    // clean out the rest

    $replace = array('([\40])','([^a-zA-Z0-9-])','(-{2,})');

    $with = array('-','','-');

    $string = preg_replace($replace,$with,$string); 

  } 



  return strtolower($string);

}

?>

atifrashid at hotmail dot com
16-Apr-2009 01:56


To make seo url from title or any text:





<?php


function CleanFileName( $Raw ){


    $Raw = trim($Raw);


    $RemoveChars  = array( "([\40])" , "([^a-zA-Z0-9-])", "(-{2,})" );


    $ReplaceWith = array("-", "", "-"); 


    return preg_replace($RemoveChars, $ReplaceWith, $Raw);


}


    


echo CleanFileName('whatever $4 sd- -sdf- @    sd 8 as +% sdf ;');


?>

hubert at uhoreg dot ca
07-Apr-2009 07:09


The issue described by arie below is not actually a bug, but expected behaviour.  The PCRE Regular Expression Details says: "The definition of letters and digits is controlled by PCRE's character tables, and may vary if locale-specific matching is taking place. For example, in the "fr" (French) locale, some character codes greater than 128 are used for accented letters, and these are matched by \w."

arie dot benichou at gmail dot com
09-Mar-2009 02:50


<?php

//Be carefull with utf-8, even with unicode and utf-8 support enabled, a pretty odd bug occurs depending on your operating system

$str = "Hi, my name is Arié!<br />";

echo preg_replace('#\bArié\b#u', 'Gontran', $str);

//on windows system, output is "Hi, my name is Gontran<br />"

//on unix system, output is "Hi, my name is Arié<br />"

echo preg_replace('#\bArié(|\b)#u', 'Gontran', $str);

//on windows and unix system, output is "Hi, my name is Gontran<br />"

arkani at iol dot pt
04-Mar-2009 01:00


Because i search a lot 4 this:



The following should be escaped if you are trying to match that character



\ ^ . $ | ( ) [ ]

* + ? { } ,



Special Character Definitions

\ Quote the next metacharacter

^ Match the beginning of the line

. Match any character (except newline)

$ Match the end of the line (or before newline at the end)

| Alternation

() Grouping

[] Character class

* Match 0 or more times

+ Match 1 or more times

? Match 1 or 0 times

{n} Match exactly n times

{n,} Match at least n times

{n,m} Match at least n but not more than m times

More Special Character Stuff

\t tab (HT, TAB)

\n newline (LF, NL)

\r return (CR)

\f form feed (FF)

\a alarm (bell) (BEL)

\e escape (think troff) (ESC)

\033 octal char (think of a PDP-11)

\x1B hex char

\c[ control char

\l lowercase next char (think vi)

\u uppercase next char (think vi)

\L lowercase till \E (think vi)

\U uppercase till \E (think vi)

\E end case modification (think vi)

\Q quote (disable) pattern metacharacters till \E

Even More Special Characters

\w Match a "word" character (alphanumeric plus "_")

\W Match a non-word character

\s Match a whitespace character

\S Match a non-whitespace character

\d Match a digit character

\D Match a non-digit character

\b Match a word boundary

\B Match a non-(word boundary)

\A Match only at beginning of string

\Z Match only at end of string, or before newline at the end

\z Match only at end of string

\G Match only where previous m//g left off (works only with /g)

akam AT akameng DOT com
17-Feb-2009 06:02


<?php                    

$converted    = 

array(

//3 of special chars



'/(;)/ie', 

'/(#)/ie', 

'/(&)/ie', 



//MySQL reserved words!

//Check mysql website!

'/(ACTION)/ie', '/(ADD)/ie', '/(ALL)/ie', '/(ALTER)/ie', '/(ANALYZE)/ie', '/(AND)/ie', '/(AS)/ie', '/(ASC)/ie',



//remaining of special chars

'/(<)/ie', '/(>)/ie', '/(\.)/ie', '/(,)/ie', '/(\?)/ie', '/(`)/ie', '/(!)/ie', '/(@)/ie', '/(\$)/ie', '/(%)/ie', '/(\^)/ie', '/(\*)/ie', '/(\()/ie', '/(\))/ie', '/(_)/ie', '/(-)/ie', '/(\+)/ie', 

'/(=)/ie', '/(\/)/ie', '/(\|)/ie', '/(\\\)/ie', "/(')/ie", '/(")/ie', '/(:)/'

);



$input_text = preg_replace($converted, "UTF_to_Unicode('\\1')", $text);



function UTF_to_Unicode($data){



//return $data;

}

?>

The above example useful for filtering input data, then saving into mysql database, it's not need tobe decoded again, just use UTF-8 as charset.

Please Note escaping special chars between delimiter..

Svoop
10-Feb-2009 07:41


I have written a short introduction and a colorful cheat sheet for Perl Compatible Regular Expressions (PCRE):



http://www.bitcetera.com/en/techblog/2008/04/01/regex-in-a-nutshell/

neamar at neamar dot fr
04-Jan-2009 02:08


I was needing regular expression with brace matching, but i was not able to find anything for this problem.

So, if i had :

\bold{something \underline{another thing} and another bold thing}

My regexp would stop at the first closing brace, and it seemed to be a common problem with regular expression, often discussed on forums.



So here is the snippet i used, perhaps it'll be useful :

<?php

    function preg_replace_with_braces($Regexp,$Remplacement,$Texte)

    {

        preg_match_all($Regexp,$Texte,$Resultats,PREG_SET_ORDER);

        

        $SVGRemplacement=$Remplacement;

        foreach($Resultats as $Resultat)

        {//For each result

            $Remplacement=$SVGRemplacement;

            foreach($Resultat as $n=>$Match)

            {//For each set of capturing parenthesis

                if($n>0 && strpos($Match,'{')!==false)

                {//We find a open brace in our regexp : we'll need to find the closing one !

                    $InitialMatch=$Match;

                    $Offset=strpos($Texte,$Resultat[0]);

                    $Offset=strpos($Texte,$Match,$Offset);//We move the caret to the good place : let's start !

                    $Depart=$Offset;

                    $Taille=strlen($Texte);

                    $NestingLevel=0;

                    while($NestingLevel>=0 && $Offset<$Taille)

                    {//Browse the string, searching for braces. Perhaps the most important place !

                        $Offset++;

                        if($Texte[$Offset]=='{')

                            $NestingLevel++;

                        elseif($Texte[$Offset]=='}')

                            $NestingLevel--;

                    }

                    $Match=substr($Texte,$Depart,$Offset-$Depart);

                    $Resultat[0]=str_replace($InitialMatch,$Match,$Resultat[0]);

                }

                $Remplacement=str_replace('$' . $n,$Match,$Remplacement);

            }

            $Texte=str_replace($Resultat[0],$Remplacement,$Texte);

        }

        return $Texte;

    }

?>

Hope it'll be useful !

I know it's pretty odd and unclean, but that was a quick workaround i had.

callummann at blueyonder dot co dot uk
31-Dec-2008 06:31


For BBcode, rather than having two different arrays you can use the same one.



<?php



$bbcode = array(



"/\[b\](.*?)\[\/b\]/is" => "<strong>$1</strong>",

"/\[u\](.*?)\[\/u\]/is" => "<u>$1</u>",

"/\[url\=(.*?)\](.*?)\[\/b\]/is" => "<a href='$1'>$2</a>"



);

$text = "[b]Text[/b][u]Text[/u]";



$text = preg_replace(array_keys($bbcode), array_values($bbcode), $text);



?>

montana [at] percepticon [dot] com
23-Dec-2008 02:47


<?php


/*





Coding across linux, mac, and windows gets annoying dealing with errors resulting from EOL format in config files, etc. 





Standardize to CRLF format.





Instead of using one regex I just broke this up into smaller groups - 


may take longer to execute three statements rather than one, 


but it also granularizes the use case.





*/


//different formats all living together


$s = "Testing 1.\r" . "Testing 2.\n" . "Testing 3.\r\n" . "Testing 4.\n\r:END";





$s = preg_replace("/(?<!\\n)\\r+(?!\\n)/", " :REPLACED: \r\n", $s); //replace just CR with CRLF


$s = preg_replace("/(?<!\\r)\\n+(?!\\r)/", " :REPLACED: \r\n", $s); //replace just LF with CRLF


$s = preg_replace("/(?<!\\r)\\n\\r+(?!\\n)/", " :REPLACED: \r\n", $s); //replace misordered LFCR with CRLF





echo $s;





/*





output:





Testing 1. :REPLACED: 


Testing 2. :REPLACED: 


Testing 3.


Testing 4. :REPLACED: 


:END





*/


?>

mdrisser at gmail dot com
28-Nov-2008 12:13


An alternative to the method suggested by sheri is to remember that the regex modifier '$' only looks at the end of the STRING, the example given is a single string consisting of multiple lines.



Try:

<?php

// Following is 1 string containing 3 lines

$s = "Testing, testing.\r\n"

   . "Another testing line.\r\n"

   . "Testing almost done.";



echo preg_replace('/\.\\r\\n/m', '@\r\n', $s);

?>



This results in the string:

Testing, testing@\r\nAnother testing line@\r\nTesting almost done.

jette at nerdgirl dot dk
19-Nov-2008 06:47


I use this to prevent users from overdoing repeated text. The following function only allows 3 identical characters at a time and also takes care of repetitions with whitespace added.



This means that 'haaaaaaleluuuujaaaaa' becomes 'haaaleluuujaaa' and 'I am c o o o o o o l' becomes 'I am c o o o l'



<?php

//Example of user input

$str = "aaaaaaaaaaabbccccccccaaaaad d d d   d      d d ddde''''''''''''";



function stripRepeat($str) {

  //Do not allow repeated whitespace

  $str = preg_replace("/(\s){2,}/",'$1',$str);

  //Result: aaaaaaaaaaabbccccccccaaaaad d d d d d d ddde''''''''''''



  //Do not allow more than 3 identical characters separated by any whitespace 

  $str = preg_replace('{( ?.)\1{4,}}','$1$1$1',$str);

  //Final result: aaabbcccaaad d d ddde'''



  return $str;

}

?>



To prevent any repetitions of characters, you only need this:



<?php

$str = preg_replace('{(.)\1+}','$1',$str);

//Result: abcad d d d d d d de'

?>

7r6ivyeo at mail dot com
17-Nov-2008 11:25


String to filename:



<?php

function string_to_filename($word) {

    $tmp = preg_replace('/^\W+|\W+$/', '', $word); // remove all non-alphanumeric chars at begin & end of string

    $tmp = preg_replace('/\s+/', '_', $tmp); // compress internal whitespace and replace with _

    return strtolower(preg_replace('/\W-/', '', $tmp)); // remove all non-alphanumeric chars except _ and -

}

?>



Returns a usable & readable filename.

pyromus at gmail dot com
16-Oct-2008 08:48


You can do seo permalink to your subject with this function as wordpress. 





<?php





function seo_permalink($value) {


$turkce=array(


"ş","Ş","ı","(",


")","'","ü","Ü",


"ö","Ö","ç","Ç",


" ","/","*","?",


"ş","Ş","ı","ğ",


"Ğ","İ","ö","Ö",


"Ç","ç","ü","Ü");


$duzgun=array(


"s","S","i","",


"","","u","U",


"o","O","c","C",


"","-","-","",


"s","S","i","g",


"G","I","o","O",


"C","c","u","U");


$value=str_replace($turkce,$duzgun,$value);


$value = preg_replace("@[^A-Za-z0-9\-_]+@i","",$value);


return $value;


}





echo "http://www.pyromus.com/";


echo seo("convert turkish sentence to seo url value");





?>

Sheri
22-Sep-2008 04:32


The situation described below by dyer85 at gmail on 28-Aug-2008 at 08:41 can be addressed (since PCRE version 7.3) by including "(*ANYCRLF)" at the start of the pattern. Then linebreaks will be detected for line endings typical of unix, mac and PC texts.



When included in the pattern for the example cited, all expected replacements are made.



<?php

$s = "Testing, testing.\r\n"

   . "Another testing line.\r\n"

   . "Testing almost done.";



echo preg_replace('/(*ANYCRLF)\.$/m', '.@', $s);

?>

tal at ashkenazi dot co dot il
14-Sep-2008 03:46


after long time of tring get rid of \n\r and <BR> stuff i've came with this... 

(i done some changes in clicklein() function...)



<?php

    function clickable($url){

        $url                                    =    str_replace("\\r","\r",$url);

        $url                                    =    str_replace("\\n","\n<BR>",$url);

        $url                                    =    str_replace("\\n\\r","\n\r",$url);



        $in=array(

        '`((?:https?|ftp)://\S+[[:alnum:]]/?)`si',

        '`((?<!//)(www\.\S+[[:alnum:]]/?))`si'

        );

        $out=array(

        '<a href="$1"  rel=nofollow>$1</a> ',

        '<a href="http://$1" rel=\'nofollow\'>$1</a>'

        );

        return preg_replace($in,$out,$url);

    }



?>

http://www.webb3.net/
07-Sep-2008 07:16


Hello I am the admin of http://www.webb3.net/ I got this function for templates.



<?php

$file = "filename.tpl";

$contents = file_get_contents($file);

$website_tpl = 'something';

$text = preg_replace('/\{(\w+)\}/e', '$$1_tpl', $TEMPLATE);

echo $text

?>



With this if you have a file filename.tpl and you have the text {website} it will replace it with something as you can see above!



-<a href="http://www.webb3.net">http://www.webb3.net/</a>

dyer85 at gmail dot com
28-Aug-2008 09:41


There seems to be some unexpected behavior when using the /m modifier when the line terminators are win32 or mac format.



If you have a string like below, and try to replace dots, the regex won't replace correctly:



<?php

$s = "Testing, testing.\r\n"

   . "Another testing line.\r\n"

   . "Testing almost done.";



echo preg_replace('/\.$/m', '.@', $s); // only last . replaced

?>



The /m modifier doesn't seem to work properly when CRLFs or CRs are used. Make sure to convert line endings to LFs (*nix format) in your input string.

tasser at ne8 dot in
23-Aug-2008 03:42


preg_replace is greedy by default, and the behaviour of ? on the pattern is to make it non-greedy contrary to what i read on PCRE docs. 





<?php


$str ="asdfd adsfd aaaadasd";





$str = preg_replace("/(a)(.*)(d)/","a($2)d",$str);


// a(sdfd adsfd aaaadas)d





$str = preg_replace("/(a)(.*)?(d)/U","a($2)d",$str);


// a(s)dfd a()dsfd a(aaa)da(s)d


?>





which is what i wanted.

halityesil [ at at] globya [ dot dot] net
31-Jul-2008 08:08


<?PHP



function strip_tags_attributes($sSource, $aAllowedTags = FALSE, $aDisabledAttributes = FALSE, $aAllowedProperties = 'font|font-size|font-weight|color' . '|text-align|text-decoration|margin|margin-left' . '|margin-top|margin-bottom|margin-right|padding' . '|padding-top|padding-left|padding-right|padding-bottom' . '|width|height'){



   if( !is_array( $aDisabledAttributes ) ){

      $aDisabledAttributes = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavaible', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragdrop', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterupdate', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmoveout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');

   }

   

   $sSource = stripcslashes( $sSource );

            

   $sSource = strip_tags( $sSource, $aAllowedTags );

        

   if( empty($aDisabledAttributes) ){

      return $sSource;

   }



   $aDisabledAttributes = @ implode('|', $aDisabledAttributes);

        

   $sSource = preg_replace('/<(.*?)>/ie', "'<' . preg_replace(array('/javascript:[^\"\']*/i', '/(" . $aDisabledAttributes . ")[ \\t\\n]*=[ \\t\\n]*[\"\'][^\"\']*[\"\']/i', '/\s+/'), array('', '', ' '), stripslashes('\\1')) . '>'", $sSource );

   $sSource = preg_replace('/\s(' . $aDisabledAttributes . ').*?([\s\>])/', '\\2', $sSource);

            

   $regexp = '@([^;"]+)?(?<!'. $aAllowedProperties .'):(?!\/\/(.+?)\/)((.*?)[^;"]+)(;)?@is';    

   $sSource = preg_replace($regexp, '', $sSource);

   $sSource = preg_replace('@[a-z]*=""@is', '', $sSource); 

            

   return $sSource;

}



?>



Online resource help skype name : globya 



good luck !

Anonymous
30-Jul-2008 11:21


People using functions like scandir with user input and protecting against "../" by using preg_replace make sure you run ir recursivly untill preg_match no-long finds it, because if you don't the following can happen.



If a user gives the path:

"./....//....//....//....//....//....//....//"

then your script detects every "../" and removes them leaving:

"./../../../../../../../"

Which is proberly going back enough times to show root.



I just found this vunrability in an old script of mine, which was written several years ago.



Always do:

<?php

while( preg_match( [expression], $input ) )

{

   $input = preg_replace( [expression], "", $input );

}

?>

Robert Hartung
30-Jul-2008 07:34


I just was trying to make a negated replace with a string NOT being in another string.



The code that is actually working:



<?php

$result = preg_replace('#{(?!disable1|disable2)[a-z0-9]+}#is', '$1', $foo);

?>



This code matches on all strings that do NOT start with "disable1" or "disable2" and contain of a-z0-9. It took me several hours to figuere out this very easy example!



Hope anyone could use it

marcin at pixaltic dot com
25-Jul-2008 05:56


<?php


    //:::replace with anything that you can do with searched string:::


    //Marcin Majchrzak


    //pixaltic.com


    


    $c = "2 4 8";


    echo ($c); //display:2 4 8





    $cp = "/(\d)\s(\d)\s(\d)/e"; //pattern


    $cr = "'\\3*\\2+\\1='.(('\\3')*('\\2')+('\\1'))"; //replece


    $c = preg_replace($cp, $cr, $c);


    echo ($c); //display:8*4+2=34


?>

dweintraub at solbright dot com
16-Jul-2008 05:23


When you use the '$1', '$2', etc. replacement values, they can be either in double or single quotes. There is no need to worry about the dollar sign being interpreted as a variable or not:



<?php

print preg_replace("/I want (\S+) one/", "$1 is the one I want", "I want that one") . "\n";

print preg_replace("/I want (\S+) one/", '$1 is the one I want', "I want that one") . "\n";

?>



Both lines will print "that is the one I want".

David
11-Jul-2008 06:59


Take care when you try to strip whitespaces out of an UTF-8 text. Using something like:



<?php

$text = preg_replace( "{\s+}", ' ', $text );

?>



brokes in my case the letter à which is hex c3a0. But a0 is a whitespace. So use 



<?php

$text = preg_replace( "{[ \t]+}", ' ', $text );

?>



to strip all spaces and tabs, or better, use a multibyte function like mb_ereg_replace.

akniep at rayo dot info
07-Jul-2008 05:22


preg_replace (and other preg-functions) return null instead of a string when encountering problems you probably did not think about!

-------------------------



It may not be obvious to everybody that the function returns NULL if an error of any kind occurres. An error I happen to stumple about quite often was the back-tracking-limit:

http://de.php.net/manual/de/pcre.configuration.php

#ini.pcre.backtrack-limit



When working with HTML-documents and their parsing it happens that you encounter documents that have a length of over 100.000 characters and that may lead to certain regular-expressions to fail due the back-tracking-limit of above.



A regular-expression that is ungreedy ("U", http://de.php.net/manual/de/reference.pcre.pattern.modifiers.php) often does the job, but still: sometimes you just need a greedy regular expression working on long strings ...



Since, an unhandled return-value of NULL usually creates a consecutive error in the application with unwanted and unforeseen consequences, I found the following solution to be quite helpful and at least save the application from crashing:



<?php



$string_after = preg_replace( '/some_regexp/', "replacement", $string_before );



// if some error occurred we go on working with the unchanged original string

if (PREG_NO_ERROR !== preg_last_error())

{

    $string_after = $string_before;

    

    // put email-sending or a log-message here

} //if



// free memory

unset( $string_before );



?>



You may or should also put a log-message or the sending of an email into the if-condition in order to get informed, once, one of your regular-expressions does not have the effect you desired it to have.

da_pimp2004_966 at hotmail dot com
21-Jun-2008 01:09


A simple BB like thing..





<?php


function AddBB($var) {


        $search = array(


                '/\[b\](.*?)\[\/b\]/is',


                '/\[i\](.*?)\[\/i\]/is',


                '/\[u\](.*?)\[\/u\]/is',


                '/\[img\](.*?)\[\/img\]/is',


                '/\[url\](.*?)\[\/url\]/is',


                '/\[url\=(.*?)\](.*?)\[\/url\]/is'


                );





        $replace = array(


                '<strong>$1</strong>',


                '<em>$1</em>',


                '<u>$1</u>',


                '<img src="$1" />',


                '<a href="$1">$1</a>',


                '<a href="$1">$2</a>'


                );





        $var = preg_replace ($search, $replace, $var);


        return $var;


}


?>

Michael W
16-Apr-2008 05:35


For filename tidying I prefer to only ALLOW certain characters rather than converting particular ones that we want to exclude. To this end I use ...



<?php

  $allowed = "/[^a-z0-9\\040\\.\\-\\_\\\\]/i";

  preg_replace($allowed,"",$str));

?>



Allows letters a-z, digits, space (\\040), hyphen (\\-), underscore (\\_) and backslash (\\\\), everything else is removed from the string.

Misha
24-Mar-2008 08:45


This is in response to iasmin at amazingdiscoveries dot org's URL text to link function. Hope this is helpful to someone.



I played with it a bit and came up with this version (there were one or two little errors in the regex I think, also -- it didn't allow various necessary characters).



I start with a URL in brackets (this works for my case):

[http://www.site.com/path/that/may/be_long.php?fun=1]



It returns a link of the URL after the "http://":

www.site.com/path/that/may/b...



-----------

    // Cuts off long URLs at $url_length, and appends "..."

    function reduceurl($url, $url_length) {

        $reduced_url = substr($url, 0, $url_length);

        if (strlen($url) > $url_length) $reduced_url .= '...';

        

        return $reduced_url;

    }



    // Makes URLs with brackets into links

    // The regex searches for "http://" or equivalent, then various character possibilities (I don't know if it might be possible to exploit this if more characters were allowed). The "e" after the regex allows the reduceurl() to be evaluated.



    function url2link($linktext) {

        $linktext = preg_replace("#\[(([a-zA-Z]+://)([a-zA-Z0-9?&%.;:/=+_-]*))\]#e", "'<a href=\"$1\" target=\"_blank\">' . reduceurl(\"$3\", 30) . '</a>'", $linktext);

                

        return $linktext;

    }

php-comments-REMOVE dot ME at dotancohen dot com
29-Feb-2008 02:02


Below is a function for converting Hebrew final characters to their

normal equivelants should they appear in the middle of a word.

The /b argument does not treat Hebrew letters as part of a word,

so I had to work around that limitation.



<?php



$text="עברית מבולגנת";



function hebrewNotWordEndSwitch ($from, $to, $text) {

   $text=

    preg_replace('/'.$from.'([א-ת])/u','$2'.$to.'$1',$text);

   return $text;

}



do {

   $text_before=$text;

   $text=hebrewNotWordEndSwitch("ך","כ",$text);

   $text=hebrewNotWordEndSwitch("ם","מ",$text);

   $text=hebrewNotWordEndSwitch("ן","נ",$text);

   $text=hebrewNotWordEndSwitch("ף","פ",$text);

   $text=hebrewNotWordEndSwitch("ץ","צ",$text);

}   while ( $text_before!=$text );



print $text; // עברית מסודרת!



?>



The do-while is necessary for multiple instances of letters, such

as "אנני" which would start off as "אןןי". Note that there's still the

problem of acronyms with gershiim but that's not a difficult one

to solve. The code is in use at http://gibberish.co.il which you can

use to translate wrongly-encoded Hebrew, transliterize, and some

other Hebrew-related functions.



To ensure that there will be no regular characters at the end of a

word, just convert all regular characters to their final forms, then

run this function. Enjoy!

Jacob Fogg
14-Jan-2008 03:29


Here is my attempt at cleaning up a file name... it's similar to  what someone else has done however a little cleaner with the addition of the | in the reserved characters... also I clean any characters from x00 to x40 (all non display characters and space) as well as everything greater than 7f and greater (removes the Del character and other non English characters), replacing them with an '_'.





<?php


function clean_filename($filename){//function to clean a filename string so it is a valid filename


  $reserved = preg_quote('\/:*?"<>|', '/');//characters that are  illegal on any of the 3 major OS's


  //replaces all characters up through space and all past ~ along with the above reserved characters


  return preg_replace("/([\\x00-\\x20\\x7f-\\xff{$reserved}])/e", "_", $filename);


}


?>





[EDIT BY danbrown AT php DOT net: Inserted typofix/bugfix provided by "Bryan Roach" on 15 January, 2008.]

admin[a-t]saltwaterc[d0t]net
11-Dec-2007 10:17


<?php


function repl_amp($text)


    {


    $text=preg_replace("/&(?!amp;)/i", "&", $text);


    $text=preg_replace("/&#(\d+);/i", "&#$1;", $text); // For numeric entities


    $text=preg_replace("/&(\w+);/i", "&$1;", $text); // For literal entities


    return $text;


    }


?>





The RegEx Tester says that the first expression is OK, but when testing with various entities, some of them came out broken. I'd tried to use only 2 preg_replace(); calls instead of three by using the alternative branch from the pattern syntax - which didn't came out well. Sorry for the previous error, and I still hope that someone can find a better alternative.

ulf dot reimers at tesa dot com
07-Dec-2007 12:28


Hi,



as I wasn't able to find another way to do this, I wrote a function converting any UTF-8 string into a correct NTFS filename (see http://en.wikipedia.org/wiki/Filename).



<?php

function strToNTFSFilename($string)

{

  $reserved = preg_quote('\/:*?"<>', '/');

  return preg_replace("/([\\x00-\\x1f{$forbidden}])/e", "_", $string);

}

?>



It converts all control characters and filename characters which are reserved by Windows ('\/:*?"<>') into an underscore.

This way you can safely create an NTFS filename out of any UTF-8 string.

mike dot hayward at mikeyskona dot co dot uk
18-Oct-2007 10:49


Hi.


Not sure if this will be a great help to anyone out there, but thought i'd post just in case.


I was having an Issue with a project that relied on $_SERVER['REQUEST_URI']. Obviously this wasn't working on IIS.


(i am using mod_rewrite in apache to call up pages from a database and IIS doesn't set REQUEST_URI). So i knocked up this simple little preg_replace to use the query string set by IIS when redirecting to a PHP error page.





<?php


//My little IIS hack :)


if(!isset($_SERVER['REQUEST_URI'])){ 


  $_SERVER['REQUEST_URI'] = preg_replace( '/404;([a-zA-Z]+:\/\/)(.*?)\//i', "/" , $_SERVER['QUERY_STRING'] );


}


?>





Hope this helps someone else out there trying to do the same thing :)

sternkinder at gmail dot com
24-Aug-2007 05:10


From what I can see, the problem is, that if you go straight and substitute all 'A's wit 'T's you can't tell for sure which 'T's to substitute with 'A's afterwards. This can be for instance solved by simply replacing all 'A's by another character (for instance '_' or whatever you like), then replacing all 'T's by 'A's, and then replacing all '_'s (or whatever character you chose) by 'A's:





<?php


$dna = "AGTCTGCCCTAG";


echo str_replace(array("A","G","C","T","_","-"), array("_","-","G","A","T","C"), $dna); //output will be TCAGACGGGATC


?>





Although I don't know how transliteration in perl works (though I remember that is kind of similar to the UNIX command "tr") I would suggest following function for "switching" single chars:





<?php


function switch_chars($subject,$switch_table,$unused_char="_") {


    foreach ( $switch_table as $_1 => $_2 ) {


        $subject = str_replace($_1,$unused_char,$subject);


        $subject = str_replace($_2,$_1,$subject);


        $subject = str_replace($unused_char,$_2,$subject);


    }


    return $subject;


}





echo switch_chars("AGTCTGCCCTAG", array("A"=>"T","G"=>"C")); //output will be TCAGACGGGATC


?>

rob at ubrio dot us
21-Aug-2007 03:48


Also worth noting is that you can use array_keys()/array_values() with preg_replace like:





<?php


$subs = array(


  '/\[b\](.+)\[\/b\]/Ui' => '<strong>$1</strong>',


  '/_(.+)_/Ui' => '<em>$1</em>'


  ...


  ...


);





$raw_text = '[b]this is bold[/b] and this is _italic!_';





$bb_text = preg_replace(array_keys($subs), array_values($subs), $raw_text);


?>

lehongviet at gmail dot com
25-Jul-2007 03:15


I got problem echoing text that contains double-quotes into a text field. As it confuses value option. I use this function below to match and replace each pair of them by smart quotes. The last one will be replaced by a hyphen(-).





It works for me.





<?php


function smart_quotes($text) {


  $pattern = '/"((.)*?)"/i';


  $text = preg_replace($pattern,"“\\1”",stripslashes($text));


  $text = str_replace("\"","-",$text);


  $text = addslashes($text);


  return $text;


}


?>

131 dot php at cloudyks dot org
17-Jul-2007 06:37


Based on previous comment, i suggest 


( this function already exist in php 6 )





<?php


function unicode_decode($str){


    return preg_replace(


        '#\\\u([0-9a-f]{4})#e',


        "unicode_value('\\1')",


        $str);


}





function unicode_value($code) {


    $value=hexdec($code);


    if($value<0x0080)


        return chr($value);


    elseif($value<0x0800)


        return chr((($value&0x07c0)>>6)|0xc0)


            .chr(($value&0x3f)|0x80);


    else


        return chr((($value&0xf000)>>12)|0xe0)


        .chr((($value&0x0fc0)>>6)|0x80)


        .chr(($value&0x3f)|0x80);


}


?>





[EDIT BY danbrown AT php DOT net:  This function originally written by mrozenoer AT overstream DOT net.]

mtsoft at mt-soft dot com dot ar
09-Jul-2007 04:30


This function takes a URL and returns a plain-text version of the page. It uses cURL to retrieve the page and a combination of regular expressions to strip all unwanted whitespace. This function will even strip the text from STYLE and SCRIPT tags, which are ignored by PHP functions such as strip_tags (they strip only the tags, leaving the text in the middle intact).





Regular expressions were split in 2 stages, to avoid deleting single carriage returns (also matched by \s) but still delete all blank lines and multiple linefeeds or spaces, trimming operations took place in 2 stages.





<?php


function webpage2txt($url)


{


$user_agent = “Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)”;





$ch = curl_init();    // initialize curl handle


curl_setopt($ch, CURLOPT_URL, $url); // set url to post to


curl_setopt($ch, CURLOPT_FAILONERROR, 1);              // Fail on errors


curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);    // allow redirects


curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // return into a variable


curl_setopt($ch, CURLOPT_PORT, 80);            //Set the port number


curl_setopt($ch, CURLOPT_TIMEOUT, 15); // times out after 15s





curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);





$document = curl_exec($ch);





$search = array(’@<script[^>]*?>.*?</script>@si’,  // Strip out javascript


‘@<style[^>]*?>.*?</style>@siU’,    // Strip style tags properly


‘@<[\/\!]*?[^<>]*?>@si’,            // Strip out HTML tags


‘@<![\s\S]*?–[ \t\n\r]*>@’,         // Strip multi-line comments including CDATA


‘/\s{2,}/’,





);





$text = preg_replace($search, “\n”, html_entity_decode($document));





$pat[0] = “/^\s+/”;


$pat[2] = “/\s+\$/”;


$rep[0] = “”;


$rep[2] = ” “;





$text = preg_replace($pat, $rep, trim($text));





return $text;


}


?>





Potential uses of this function are extracting keywords from a webpage, counting words and things like that. If you find it useful, drop us a comment and let us know where you used it.

ismith at nojunk dot motorola dot com
21-Mar-2007 11:47


Be aware that when using the "/u" modifier, if your input text contains any bad UTF-8 code sequences, then preg_replace will return an empty string, regardless of whether there were any matches.



This is due to the PCRE library returning an error code if the string contains bad UTF-8.

dani dot church at gmail dot youshouldknowthisone
07-Feb-2007 01:09


Note that it is in most cases much more efficient to use preg_replace_callback(), with a named function or an anonymous function created with create_function(), instead of the /e modifier.  When preg_replace() is called with the /e modifier, the interpreter must parse the replacement string into PHP code once for every replacement made, while preg_replace_callback() uses a function that only needs to be parsed once.

Alexey Lebedev
07-Sep-2006 04:21


Wasted several hours because of this:





<?php


$str='It&#039;s a string with HTML entities';


preg_replace('~&#(\d+);~e', 'code2utf($1)', $str);


?>





This code must convert numeric html entities to utf8. And it does with a little exception. It treats wrong codes starting with &#0





The reason is that code2utf will be called with leading zero, exactly what the pattern matches - code2utf(039).


And it does matter! PHP treats 039 as octal number.


Try <?php print(011); ?>





Solution:


<?php preg_replace('~&#0*(\d+);~e', 'code2utf($1)', $str); ?>

robvdl at gmail dot com
21-Apr-2006 07:15


For those of you that have ever had the problem where clients paste text from msword into a CMS, where word has placed all those fancy quotes throughout the text, breaking the XHTML validator... I have created a nice regular expression, that replaces ALL high UTF-8 characters with HTML entities, such as ’.





Note that most user examples on php.net I have read, only replace selected characters, such as single and double quotes. This replaces all high characters, including greek characters, arabian characters, smilies, whatever.





It took me ages to get it just downto two regular expressions, but it handles all high level characters properly.





<?php


$text = preg_replace('/([\xc0-\xdf].)/se', "'&#' . ((ord(substr('$1', 0, 1)) - 192) * 64 + (ord(substr('$1', 1, 1)) - 128)) . ';'", $text);


$text = preg_replace('/([\xe0-\xef]..)/se', "'&#' . ((ord(substr('$1', 0, 1)) - 224) * 4096 + (ord(substr('$1', 1, 1)) - 128) * 64 + (ord(substr('$1', 2, 1)) - 128)) . ';'", $text);


?>

gabe at mudbuginfo dot com
18-Oct-2004 03:39


It is useful to note that the 'limit' parameter, when used with 'pattern' and 'replace' which are arrays, applies to each individual pattern in the patterns array, and not the entire array.

<?php



$pattern = array('/one/', '/two/');

$replace = array('uno', 'dos');

$subject = "test one, one two, one two three";



echo preg_replace($pattern, $replace, $subject, 1);

?>



If limit were applied to the whole array (which it isn't), it would return:

test uno, one two, one two three



However, in reality this will actually return:

test uno, one dos, one two three

steven -a-t- acko dot net
08-Feb-2004 11:45


People using the /e modifier with preg_replace should be aware of the following weird behaviour. It is not a bug per se, but can cause bugs if you don't know it's there.



The example in the docs for /e suffers from this mistake in fact.



With /e, the replacement string is a PHP expression. So when you use a backreference in the replacement expression, you need to put the backreference inside quotes, or otherwise it would be interpreted as PHP code. Like the example from the manual for preg_replace:



preg_replace("/(<\/?)(\w+)([^>]*>)/e",

             "'\\1'.strtoupper('\\2').'\\3'",

             $html_body);



To make this easier, the data in a backreference with /e is run through addslashes() before being inserted in your replacement expression. So if you have the string



 He said: "You're here"



It would become:



 He said: \"You\'re here\"



...and be inserted into the expression.

However, if you put this inside a set of single quotes, PHP will not strip away all the slashes correctly! Try this:



 print ' He said: \"You\'re here\" ';

 Output: He said: \"You're here\"



This is because the sequence \" inside single quotes is not recognized as anything special, and it is output literally.



Using double-quotes to surround the string/backreference will not help either, because inside double-quotes, the sequence \' is not recognized and also output literally. And in fact, if you have any dollar signs in your data, they would be interpreted as PHP variables. So double-quotes are not an option.



The 'solution' is to manually fix it in your expression. It is easiest to use a separate processing function, and do the replacing there (i.e. use "my_processing_function('\\1')" or something similar as replacement expression, and do the fixing in that function).



If you surrounded your backreference by single-quotes, the double-quotes are corrupt:

$text = str_replace('\"', '"', $text);



People using preg_replace with /e should at least be aware of this.



I'm not sure how it would be best fixed in preg_replace. Because double-quotes are a really bad idea anyway (due to the variable expansion), I would suggest that preg_replace's auto-escaping is modified to suit the placement of backreferences inside single-quotes (which seemed to be the intention from the start, but was incorrectly applied).

thewolf at pixelcarnage dot com
23-Oct-2003 09:38


I got sick of trying to replace just a word, so I decided I would write my own string replacement code. When that code because far to big and a little faulty I decided to use a simple preg_replace:





<?php


/**


 * Written by Rowan Lewis of PixelCarnage.com


 * $search(string), the string to be searched for


 * $replace(string), the string to replace $search


 * $subject(string), the string to be searched in


 */


function word_replace($search, $replace, $subject) {


    return preg_replace('/[a-zA-Z]+/e', '\'\0\' == \'' . $search . '\' ? \'' . $replace . '\': \'\0\';', $subject);


}


?>





I hope that this code helpes someone!

add a note

preg_split

preg_replace_callback

Last updated: Fri, 20 Nov 2009

preg_replace

Description

Parameters

Return Values

Changelog

Examples

Notes

See Also