PHPerKaigi 2025

ldap_escape

(PHP 5 >= 5.6.0, PHP 7, PHP 8)

ldap_escapeEscape a string for use in an LDAP filter or DN

说明

ldap_escape(string $value, string $ignore = "", int $flags = 0): string

Escapes value for use in the context implied by flags.

参数

value

The value to escape.

ignore

Characters to ignore when escaping.

flags

The context the escaped string will be used in: LDAP_ESCAPE_FILTER for filters to be used with ldap_search(), or LDAP_ESCAPE_DN for DNs. If neither flag is passed, all chars are escaped.

返回值

Returns the escaped string.

示例

When building an LDAP filter, you should use ldap_escape with LDAP_ESCAPE_FILTER flag.

示例 #1 Searching for an email address

<?php
// $ds is a valid LDAP\Connection instance for a directory server

// $mail is an email address provided by the user in a form

$base = "o=My Company, c=US";
$filter = "(mail=".ldap_escape($mail, "", LDAP_ESCAPE_FILTER).")";

$sr = ldap_search($ds, $base, $filter, array("sn", "givenname", "mail"));

$info = ldap_get_entries($ds, $sr);

echo
$info["count"]." entries returned\n";
?>

添加备注

用户贡献的备注 2 notes

up
1
support at extollit dot com
4 years ago
Suppose you want to reverse the operation, here is a way to "ldap_unescape"

<?php

function ldap_unescape($string) {
return
preg_replace_callback(
"/\\\\[\da-z]{2}/",
function (
$matches) {
$match = array_shift($matches);
return
hex2bin(substr($match, 1));
},
$string
);
}

$result = ldap_unescape("uid=\\61\\6c\\70\\68\\6f\\6e\\7a\\6f,ou=people,dc=foo,dc=com"); // uid=alphonzo,ou=people,dc=foo,dc=com

?>
up
0
martin dot keckeis1 at gmail dot com
9 years ago
You can use it like this for filtering

<?php
$badSearchInput
= 'Domain\username';

$escapedSearchInput = ldap_escape($badSearchInput, null, LDAP_ESCAPE_FILTER);
?>
To Top