tags:

views:

205

answers:

3
+1  Q: 

best way to escape and create a slug

hey guys

im somehow confused in using proper functions to escape and create a slug

i used this : 

$slug_title = mysql_real_escape_string()($mtitle);

but someone told me not to use it and use urlencode()

which one is better for slugs and security

as i can see in SO , it inserts - between words :

http://stackoverflow.com/questions/941270/validating-a-slug-in-django

thanx in advanced

+5  A: 

Using either MySQL or URL escaping is not the way to go.

Here is an article that does it better:

function toSlug($string,$space="-") {
    if (function_exists('iconv')) {
        $string = @iconv('UTF-8', 'ASCII//TRANSLIT', $string);
    }
    $string = preg_replace("/[^a-zA-Z0-9 -]/", "", $string);
    $string = strtolower($string);
    $string = str_replace(" ", $space, $string);
    return $string;
}

This also works correctly for accented characters.

Thomas  2010-04-05 19:26:55
problem is for arabic and mb languages this function wont work and changes all characters to -
Mac Taylor  2010-04-05 20:05:12
+3  A: 

Here's an alternative solution that is very similar to the one above but doesn't rely on iconv():

function Slug($string)
{
    return strtolower(trim(preg_replace(array('~[^0-9a-z]~i', '~-+~'), '-', preg_replace('~&([a-z]{1,2})(acute|cedil|circ|grave|lig|orn|ring|slash|th|tilde|uml);~i', '$1', htmlentities($string, ENT_QUOTES, 'UTF-8'))), '-'));
}

$user = 'Alix Axel';
echo Slug($user); // alix-axel

$user = 'Álix Ãxel';
echo Slug($user); // alix-axel

$user = 'Álix----_Ãxel!?!?';
echo Slug($user); // alix-axel

Source: Alix Axel in this SO thread

John Conde  2010-04-05 19:39:00
+1  A: 

mysql_real_escape_string() has different purpose than urlencode() which both aren't appropriate for creating a slug.

A slug is supposed to be a clear & meaningful phrase that concisely describes the page.

mysql_real_escape_string() escapes dangerous characters that can change the purpose of the original query string.

urlencode() escapes invalid URL characters with "%" followed by 2 hex digits that represents their code (e.g. %20 for space). This way, the resulting string will not be clear & meaningful, because of the unpleasant characters sequences, e.g. http://www.domain.com/bad%20slug%20here%20%3C--

Thus any characters which may be affected by urlencode() should be omitted, except for spaces that are usually replaced with -.

Dor  2010-04-05 19:40:51

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases