
best way to escape and create a slug [duplicate]

Developer https://www.devze.com 2022-12-25 12:53 Source: Internet
This question already has answers here: Closed 10 years ago. Possible Duplicate: URL Friendly Username in PHP?

I'm somehow confused about using the proper functions to escape and create a slug.

I used this:

$slug_title = mysql_real_escape_string($mtitle);

but someone told me not to use it and to use urlencode() instead.

Which one is better for slugs and security?

As I can see on SO, it inserts - between words:

https://stackoverflow.com/questions/941270/validating-a-slug-in-django


Using either MySQL or URL escaping is not the way to go.

Here is an article that does it better:

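function toSlug($string, $space = "-") {
    // Transliterate accented characters to their closest ASCII equivalents.
    if (function_exists('iconv')) {
        $converted = @iconv('UTF-8', 'ASCII//TRANSLIT', $string);
        // iconv() returns false on failure; keep the original string then.
        if ($converted !== false) {
            $string = $converted;
        }
    }
    // Keep only letters, digits, spaces and hyphens.
    $string = preg_replace("/[^a-zA-Z0-9 -]/", "", $string);
    $string = strtolower($string);
    // Replace spaces with the separator.
    $string = str_replace(" ", $space, $string);
    return $string;
}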

This also works correctly for accented characters.


mysql_real_escape_string() has a different purpose than urlencode(), and neither is appropriate for creating a slug.

A slug is supposed to be a clear & meaningful phrase that concisely describes the page.

mysql_real_escape_string() escapes dangerous characters that can change the purpose of the original query string.

urlencode() escapes invalid URL characters with "%" followed by 2 hex digits that represent their code (e.g. %20 for space). This way, the resulting string will not be clear & meaningful, because of the unpleasant character sequences, e.g. http://www.domain.com/bad%20slug%20here%20%3C--

Thus any characters which may be affected by urlencode() should be omitted, except for spaces that are usually replaced with -.
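
The separation both answers describe, as an added example that is not part of the original answers: the slug is built with an allow-list for readability, SQL safety comes from bound parameters, and HTML safety from encoding at output time. `make_slug()`, `find_title()` and the `posts` table are hypothetical names, and an enabled `pdo_sqlite` extension is assumed.

```php
<?php
// Added example, not from the original answers. make_slug(), find_title() and
// the posts table are hypothetical; an enabled pdo_sqlite extension is assumed.
function make_slug(string $title): string
{
    if (function_exists('iconv')) {
        $ascii = @iconv('UTF-8', 'ASCII//TRANSLIT', $title);
        if ($ascii !== false) {
            $title = $ascii; // keep the original bytes if transliteration fails
        }
    }
    // Allow-list: each run of anything other than a-z or 0-9 becomes one hyphen.
    $slug = trim(preg_replace('/[^a-z0-9]+/', '-', strtolower($title)), '-');
    // A title made only of punctuation would give an empty slug.
    return $slug === '' ? 'untitled' : $slug;
}

// A slug arriving in a URL is untrusted input: check its shape, then bind it.
function find_title(PDO $pdo, string $slug): ?string
{
    if (!preg_match('/\A[a-z0-9]+(?:-[a-z0-9]+)*\z/', $slug)) {
        return null;
    }
    $query = $pdo->prepare('SELECT title FROM posts WHERE slug = :slug');
    $query->execute([':slug' => $slug]);
    $title = $query->fetchColumn();
    return $title === false ? null : $title;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (slug TEXT PRIMARY KEY, title TEXT NOT NULL)');

// Constructed sample titles.
$titles = ['Validating a slug in Django', "Café & Bar: O'Reilly's <b>guide</b>", '???'];

// SQL safety comes from the bound parameters, not from the slug function.
$insert = $pdo->prepare('INSERT INTO posts (slug, title) VALUES (:slug, :title)');
foreach ($titles as $title) {
    $insert->execute([':slug' => make_slug($title), ':title' => $title]);
}

$found = find_title($pdo, 'validating-a-slug-in-django');
// The stored title is raw text, so encode it for HTML when it is printed.
echo htmlspecialchars((string) $found, ENT_QUOTES, 'UTF-8'), "\n";
var_dump(find_title($pdo, 'bad slug here <--')); // fails the shape check, so no query runs
```

The transliteration result depends on the platform's iconv implementation and locale, so the exact slug for accented titles can differ between systems.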
