ldap_escape

(PHP 5 >= 5.6.0, PHP 7, PHP 8)

ldap_escapeEscape a string for use in an LDAP filter or DN

Description

ldap_escape(string $value, string $ignore = "", int $flags = 0): string

Escapes value for use in the context implied by flags.

Parameters

value

The value to escape.

ignore

Characters to ignore when escaping.

flags

The context the escaped string will be used in: LDAP_ESCAPE_FILTER for filters to be used with ldap_search(), or LDAP_ESCAPE_DN for DNs. If neither flag is passed, all chars are escaped.

Return Values

Returns the escaped string.

Examples

When building an LDAP filter, you should use ldap_escape with LDAP_ESCAPE_FILTER flag.

Example #1 Searching for an email address

<?php
// $ds is a valid LDAP\Connection instance for a directory server

// $mail is an email address provided by the user in a form

$base = "o=My Company, c=US";
$filter = "(mail=".ldap_escape($mail, "", LDAP_ESCAPE_FILTER).")";

$sr = ldap_search($ds, $base, $filter, array("sn", "givenname", "mail"));

$info = ldap_get_entries($ds, $sr);

echo
$info["count"]." entries returned\n";
?>

add a note

User Contributed Notes 2 notes

up
1
support at extollit dot com
4 years ago
Suppose you want to reverse the operation, here is a way to "ldap_unescape"

<?php

function ldap_unescape($string) {
return
preg_replace_callback(
"/\\\\[\da-z]{2}/",
function (
$matches) {
$match = array_shift($matches);
return
hex2bin(substr($match, 1));
},
$string
);
}

$result = ldap_unescape("uid=\\61\\6c\\70\\68\\6f\\6e\\7a\\6f,ou=people,dc=foo,dc=com"); // uid=alphonzo,ou=people,dc=foo,dc=com

?>
up
0
martin dot keckeis1 at gmail dot com
9 years ago
You can use it like this for filtering

<?php
$badSearchInput
= 'Domain\username';

$escapedSearchInput = ldap_escape($badSearchInput, null, LDAP_ESCAPE_FILTER);
?>
To Top