Posted by Justin Koivisto on 09/08/05 16:55

Michael G wrote:

> "Michael G" <mike-g@montana.com> wrote in message
> news:1126133711_18365@spool6-east.superfeed.net...
>
>>"muldoonaz" <donot@spam.me.com> wrote in message
>>news:Q0JTe.296169$WN5.93062@fe02.news.easynews.com...
>>
>>>Michael G wrote:
>>>
>>>>The following is from
>>>>http://php.mirrors.ilisys.com.au/manual/en/security.database.sql-injection.php .
>>>>
>>>>Would someone explain the following lines, in particular I don't
>
> >> return preg_replace('/\{(.*?)\}/ei','$paramArr[\'$1\']',
> $queryString);
>
>>>}
>>>
>>
>>But I still fail to understand how 'paramArr[\'$1\']' is mapped using $1
>>as an index. I've tried printing paramArr['$1'] to see if I might gain
>>some understanding but to no avail.
>>
>
>
> ok. I have an explanation, thanks to a Perl book I have. Anyway, the $1 is
> called a backreference. Backreferences contain the value that is matched by
> each atom of the regular expression. In this case there is only one atom -
> (.*?), hence only one backreference. So each time there is a match the value
> contained in the curly braces would be copied into the backreference. So
> $paramArr['$1'] after the first match would give $paramArr['0'] as per the
> regex. Not real sure about what the modifiers 'ei' mean at the end of the
> pattern.

IIRC, the 'e' modifier is for expand or evaluate, and I know that the
'i' modifier is case-insensitive matching.

--
Justin Koivisto, ZCE - justin@koivi.com
http://koivi.com

[Back to original message]