Explode doesn't like a variable for the separator?

jackinva

Hello,

I was hoping someone else ran into this problem and knew how to resolve it.

I'm creating a data import feature for a web database application. One of the forms prompts the user to identify the character that separates each value (in the text file). Users are told to enter \t for tab.

When the form field is retrieved, it actually contains "\t", which I'm guessing is part of some security feature. No problem, my code strips slashes before using it:

$fieldDelimiter=stripslashes($_POST['fieldDelimiter']);

Here's the problem:

$dataLine=explode($fieldDelimiter,$importData[$i]);

where $i is in a for loop that reads each line of the text file that was read into an array using the file function.

This results in the entire line being read as one array element in $dataLine. If I hard code "\t" into the explode call, it works as I want. But if the form field value is used, I get just one array element.

Is there something I'm not aware of when using escaped characters in strings that I need to know when working with explode? I've searched the online PHP documentation with nothing useful found.

Any help would be appreciated.

Thanks,
Jack

cmburns69

The problem is in the use of the literal string "\t" and a string containing the tab character.

A solution would be to pass the user-defined delimiter through a function that looks like:

$delimiter = str_replace("\t","\t",$delimiter);

This says to replace all instances of the literal string "\t" and replace it with an instance of the tab character.

I hope this helps!

Tom Brown
Netnexus: Where gamers play
http://www.netnexus.com

jackinva

I tried your suggestion but that didn't seem to help at all. When I echoed that string back to the browser to indicate the delimiter all I got was "\". And it still seemed to indicate that the entire line was one field.

Taking that a step further, I did wonder if I tried

$fieldDelimiter="\t";
$dataLine = explode($fieldDelimiter,$importData[$i]);

would result in the same thing as

$dataLine = explode("\t",$importData[$i]);

which it does. So somehow the use of a form field to specify an escaped character ($_POST['fieldDelimiter']) taints the data variable since

$fieldDelimiter = str_replace("\t","\t",$_POST['fieldDelimiter']);

and

$fieldDelimiter = "\t";

don't result in the same thing when used in explode.

cmburns69

Ok, this does about the same thing as the code I used before...

Try a couple of combinations of stripslashes AND stripcslashes:

// First counteract the effects of "magic quotes"
$delimiter = stripslashes($_POST['delimiter']);

// Now convert literal "\t"s to the tab character.
// This will work for carriage returns ("\r") and
// newlines ("\n") as well
$delimiter = stripcslashes($delimiter);

// Now separate the fields by the delimiter
$dataLine = explode($delimiter,$importData[$i]);

This should work...

Tom Brown
Netnexus: Where gamers play
http://www.netnexus.com

altexis

maybe the 1st answer from cmburns69 could work but with single quotes:

$delimiter = str_replace('\t','\t',$delimiter);

jackinva

I finally got back to working on this problem and the last suggestion from cmburns69 worked. I actually modified it slightly to take into account the setting of magic quotes in PHP:

	// First counteract the effects of "magic quotes"
	if (get_magic_quotes_gpc() == 1) {
		$fieldDelimiter = stripslashes($_POST['fieldDelimiter']);
	} else {
		$fieldDelimiter = $_POST['fieldDelimiter'];
	}

	// Now convert literal "\t"s to the tab character.
	// This will work for carriage returns ("\r") and
	// newlines ("\n") as well
	$fieldDelimiter = stripcslashes($fieldDelimiter);

...
$dataLine = explode($fieldDelimiter,$importData[$i]);

Thanks for the help!

jackinva

[In case someone else finds this thread useful...]

The solution I posted originally didn't show where (in the ... section) the hidden field was assigned so that when the form was submitted again that the tab character (\t) was retained. Netscape caused errors indicating that the explode delimiter was empty after the form was resubmitted. I was able to resolve this problem if I had the form's hidden field defined before the call to the stripcslashes. So the code that will work in both IE and Netscape looks like this:

	// First counteract the effects of "magic quotes"
	if (get_magic_quotes_gpc() == 1) {
		$fieldDelimiter = stripslashes($_POST['fieldDelimiter']);
	} else {
		$fieldDelimiter = $_POST['fieldDelimiter'];
	}

	print("<input type=\"hidden\" name=\"fieldDelimiter\" value=\"$fieldDelimiter\">");

	// Now convert literal "\t"s to the tab character.
	// This will work for carriage returns ("\r") and
	// newlines ("\n") as well
	$fieldDelimiter = stripcslashes($fieldDelimiter);

...

			$dataLine = explode($fieldDelimiter,$importData[$i]);