I am using WordPress as a CMS and trying to allow user fields to be input to populate the info windows in a Google Map script. I am using this to select the id and pull in the content from a custom field.

It works fine unless there is any HTML in the custom field, which breaks the script.
I looked at htmlspecialchars() and htmlentities(), but rather than strip everything out I would like to have it escaped so it still works and the HTML is intact. Any suggestions? I am pretty new to PHP and would really appreciate any pointers.

After a while I am still unable to find a great solution for this. TheDeadMedic suggested I use esc_js(),

but that printed all of the actual HTML code instead of rendering it.

Thank you to nickf, as that solution was slightly better, but the script still breaks if there are any carriage returns in the output, which makes this not so great for a CMS.

Something else I tried was to use the trim() function. This is where I am at now: it works as long as there is no \r in the output. The $snip string (the mapExcerpt field) is where the returns are coming from:

<?php $post_id = 207; // WordPress post ID
$my_post = get_post($post_id);
$mapTitle = $my_post->post_title;
$mapIMG = get_post_meta($post_id, 'mapImage', true);
$snip = get_post_meta($post_id, 'mapExcerpt', true);
$lat = get_post_meta($post_id, 'lat', true);
$long = get_post_meta($post_id, 'long', true);
$pass_to = '<div class="span-8"><div class="mapTitle">'.$mapTitle.'</div><div class="mapContent">'.$snip.'</div></div>';
$trimmed = trim($pass_to, " \r."); // only strips leading/trailing spaces, \r and dots
?>
var point = new GLatLng('<?php echo $lat; ?>','<?php echo $long; ?>');
var marker = createMarker(point,"<?php echo $mapTitle; ?>", '<?php echo addslashes($trimmed); ?>');
map.addOverlay(marker);

Any other ideas out there on how I can pull this off?

+1  A: 

Since you're putting this into Javascript, you'll need to escape it for javascript strings. addslashes() should do the trick.

nickf
Great! Thanks, that solved that problem... only to discover a new one. Now I am getting "unterminated string literal" for the automatic spaces and line breaks that the CMS generates.
zac
Check my answer - use WP's PHP function `esc_js()` instead of `addslashes()`. It will sanitize quotes AND line breaks.
TheDeadMedic
A: 

Try JSON-encoding it, I always do that when I send data from PHP to Javascript. It solves most encoding issues, including newlines.

Jan Fabry
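As an added example (not code from the question or any answer), this contrasts the asker's addslashes() approach with the JSON-encoding approach above on constructed custom-field content containing quotes, a Windows line break and a closing script tag; the js_string() helper and the sample value are assumptions for the demonstration.

```php
<?php
// Added example, not from the original question or answers. Shows why
// addslashes() is not a JavaScript escape and how json_encode() fixes it.

// Constructed sample custom-field content: quotes, a Windows line break,
// and a closing </script> tag, all of which a CMS user could type.
$snip = "<b>Coffee \"House\"</b>\r\nOpen 'til late. </script><script>alert(1)</script>";
$pass_to = '<div class="mapContent">' . $snip . '</div>';

// addslashes() only backslash-escapes quotes and backslashes. The raw \r\n
// survives, so the JS string literal is unterminated, and the HTML parser
// still ends the script block at the first </script>.
$js_addslashes = "'" . addslashes($pass_to) . "'";

// json_encode() emits a valid JS string literal: \r, \n, quotes and backslashes
// are escaped, and the JSON_HEX_* flags turn < > & ' " into \u00XX escapes so
// nothing in the value can close the <script> element or an HTML attribute.
// Non-ASCII (including the JS line terminators U+2028/2029) is \u-escaped too.
function js_string(string $value): string {
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
}

$js_json = js_string($pass_to);

// The escaped literal is a single line with no raw newline, < or " inside it.
assert(strpos($js_json, "\n") === false && strpos($js_json, '<') === false);

echo "addslashes(): $js_addslashes\n\n";
echo "json_encode(): $js_json\n\n";
// Drop-in for the asker's createMarker() call; json_encode() supplies the
// surrounding quotes, so none are written around the PHP tag.
echo "var marker = createMarker(point, " . js_string('Map Title') . ", $js_json);\n";
```

This only protects the JavaScript string context: openInfoWindowHtml() still renders the value as HTML, so if the custom field can be edited by untrusted users it also needs HTML filtering (for example WordPress's wp_kses()) before it is stored or output.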
+1  A: 

Use WP's own esc_js(), which will escape quotes and line breaks for JavaScript strings.

TheDeadMedic
Hmmm, when I tried this it spit out the actual HTML code rather than rendering it. Maybe it is how I implemented it? Adding to my original post, I tried this: var marker = createMarker(point,"<?php echo $mapTitle; ?>", '<?php echo esc_js($pass_to); ?>')
zac
What you're doing appears to be OK - what's the code for the `createMarker` function?
TheDeadMedic
function createMarker(point, name, html) {
    var marker = new GMarker(point, {icon: myIcon});
    var linkid = "link" + (gmarkers.length);
    GEvent.addListener(marker, "click", function() {
        marker.openInfoWindowHtml(html);
        lastlinkid = linkid;
    });
    return marker;
}
zac
+1  A: 

I don't fully understand your exact problem, but the answer to the title of your question is quite simple:

$snip = str_replace('.', '', $snip); // remove dots
$snip = str_replace(' ', '', $snip); // remove spaces
$snip = str_replace("\t", '', $snip); // remove tabs
$snip = str_replace("\n", '', $snip); // remove new lines
$snip = str_replace("\r", '', $snip); // remove carriage returns

Or an all-in-one solution:

$snip = str_replace(array('.', ' ', "\n", "\t", "\r"), '', $snip);

You can also use regular expressions:

$snip = preg_replace('~[[:cntrl:]]~', '', $snip); // remove all control chars
$snip = preg_replace('~[.[:cntrl:]]~', '', $snip); // above + dots
$snip = preg_replace('~[.[:cntrl:][:space:]]~', '', $snip); // above + spaces

You'll still need to use addslashes() to output $snip inside Javascript.

Alix Axel
Awesome!! Thank you. It was also tabs and new lines breaking it, so I needed all of this. Thanks again :)
zac
+1  A: 

I always use this to get rid of pesky carriage returns:

$string = str_replace("\r\n", "\n", $string); // windows -> unix
$string = str_replace("\r", "\n", $string);   // remaining -> unix
Tim