I’m trying to escape the character $ so that it becomes a literal within a string I’m compiling. I thought that this would do the trick, but apparently not:
$html = $_POST['html'];
$sanitize = htmlspecialchars($html);
$sanitize = str_replace("$", "\$", $sanitize); // Addition.
Here’s my base code posted as html (it was originally a sanitizer for html, the last part being an addition).
$rp = realpath($_SERVER['DOCUMENT_ROOT']);
include($rp. "_static/inc/db_conn.php");
$conn = mysql_connect($db_host, $db_user, $db_pass); mysql_select_db($db_name);
It produces:
$rp = realpath($_SERVER[\'DOCUMENT_ROOT\']);
include($rp. \"_static/inc/db_conn.php\");
$conn = mysql_connect($db_host, $db_user, $db_pass); mysql_select_db($db_name);
It appears thus, that htmlspecialchars() is working as I’d expect it to, but not str_replace().
Any help/answers would be appreciated (heads up, I’ve never used str_replace() before, so I just went as per the PHP doc).
You need to escape the backslash as well.
Alternatively, you could use single quotes.
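The two fixes from the answer above, compared with the replacement from the question, as an added example that is not code from the original thread. The sample input string and the variable names are constructed for illustration.

```php
<?php
// Constructed sample input standing in for $_POST['html'].
$input = '$rp = realpath($_SERVER["DOCUMENT_ROOT"]); include($rp . "_static/inc/db_conn.php");';

$sanitized = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');

// In a double-quoted string, \$ is an escape sequence that produces a plain "$".
// This call therefore replaces "$" with "$" and changes nothing.
$noop = str_replace("$", "\$", $sanitized);

// Fix 1: escape the backslash as well. "\\" yields one backslash and "\$" yields
// one dollar sign, so the replacement is the two characters \ and $.
$escapedDouble = str_replace("$", "\\\$", $sanitized);

// Fix 2: single quotes. \$ is not an escape sequence in a single-quoted string,
// so '\$' is already a backslash followed by a dollar sign.
$escapedSingle = str_replace('$', '\$', $sanitized);

// The first comparison shows the original call was a no-op,
// the second shows both fixes produce the same string.
var_dump($noop === $sanitized);
var_dump($escapedDouble === $escapedSingle);

// Every "$" in the sanitized text is now preceded by a backslash.
var_dump(substr_count($escapedSingle, '\$') === substr_count($sanitized, '$'));

echo $escapedSingle, PHP_EOL;
```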