[RESOLVED] Expanding escape sequences in existing string, without eval?

evan_k

I have an existing string with escape sequences in them, and I want to expand them, but I don't want to run it through eval because I don't want any variables to be interpolated. Is there a simple way to do this by using PHP's existing ability to find and expand escape sequences, but that will not interpret variables?

<?php

// want to interpolate *any* backslash escape sequences
$str = 'Quantity:\t500\nPrice:\t$5.25 each';

// this interpolates $5 as a variable, which I don't want
eval('$str = "' . $str . '";');

laserlight

It sounds like you want to use double quote delimited strings instead. Such strings recognise more escape sequences, and even parse variables embedded within them.

$str = "Quantity:\t500\nPrice:\t$5.25 each";

evan_k

That's exactly what I don't want, though...I want to avoid variable interpolation. That's my snafu.

laserlight

Oh, sorry, I did not read that part carefully.

The answer then is no. You have to perform the string parsing yourself, e.g., by replacing '\t' with "\t".

bradgrafelman

This seems like a weird way to do it, but this appears to work:

$variable = "foobar";
$string = 'This is a test! A line break:\n and a \t tab! no $variable tho!';

$pattern = '/(?<!\\\)(\\\(?:n|r|t|v|f|[0-7]{1,3}|x[0-9a-f]{1,2}))/ie';
$replace = 'eval(\'return "$1";\')';

echo preg_replace($pattern, $replace, $string);

Output:

This is a test! A line break:
 and a 	 tab! no $variable tho!

Note that if you didn't care about the special escape sequences and only wanted to expand \r, \n, \t, and \v, you could simply do:

$string = str_replace(array('\n', '\r', '\t', '\v'), array("\n", "\r", "\t", "\v"), $string);

evan_k

Hmm, once I sat down to tackle this problem, it didn't get nearly as hairy as I expected it to be. After some muddling through the online docs, and many, many obscenities, I produced this, which seems quite workable, and doesn't present any security risks that I can see:

<?php

// where we do all our magic
function expand_escape($string) {
	return preg_replace_callback(
		'/\\\([nrtvf]|[0-7]{1,3}|x[0-9A-Fa-f]{1,2})?/',
		create_function(
			'$matches',
			'return ($matches[0] == "\\\\") ? "" : eval( sprintf(\'return "%s";\', $matches[0]) );'
		),
		$string
	);
}

// a string to test, and show the before and after
$before = 'Quantity:\t500\nPrice:\t$5.25 each';
$after = expand_escape($before);
var_dump($before, $after);

/* Outputs:
string(34) "Quantity:\t500\nPrice:\t$5.25 each"
string(31) "Quantity:	500
Price:	$5.25 each"
*/

?>

edit: heh, I just noticed Brad's solution after I posted my own. I need to remember to refresh the page before I follow up, I guess. At any rate, his seems to be a little cleaner, as it doesnt require the lambda function. i also forgot the 'x' for hex values, though I removed the 'i' flag and added 'A-F' to the range, since \N, \R, \T, etc aren't valid escape sequences. this is the final function I ended up with (thanks brad):

<?php
function expand_escape($string) {
	return preg_replace(
		'/(?<!\\\)(\\\(?:[nrtvf]|[0-7]{1,3}|x[0-9A-Fa-f]{1,2}))/e',
		'eval(\'return "$1";\')',
		$string
	);
}

Weedpacket

evan_k wrote:
but I don't want to run it through eval because I don't want any variables to be interpolated.

Well, you can stop that easily enough...


// want to interpolate *any* backslash escape sequences
$str = 'Quantity:\t500\nPrice:\t$5.25 each';

$str = str_replace('$','\\$', $str);

eval('$str = "' . $str . '";');

bradgrafelman

I'd thought about simply doing that, though you'd also want to escape any single quote within the string so that it doesn't break the eval() code.

At any rate, guess I just wanted to create yet another regexp expression to solve a problem... heh. :o