preg_replace causing dollar signs get removed

Question

I have an email system, where user write a message and it will send the message. The main problem which I just found, consider this code

    $findEmail = $this->Data->field('body', array('id' => 1610));

    //$getUserEmailTemplate will take frm dbase and e.g: 
    //Hi, @@MESSAGE@@. From: StackOverflow
    //It should change @@MESSAGE@@ part to data from $findEmail (in this example is the $74.97 ...)

    $getUserEmailTemplate = $findUser['User']['email_template'];
    $emailMessage = preg_replace('/\B@@MESSAGE@@\B/u', $findEmail, $getUserEmailTemplate);

    debug($findEmail);
    debug($emailMessage);

and consider this input for the email for $findemail result:

$74.97
$735.00s

$email Message will result in:

.97
5.00s

How can I fix this? I feel like there's problem with my preg_replace pattern.

User template can be anything, as long as there is @@MESSAGE@@ which, that part will be changed to the user message input.

Thank you

Answer 1

Pre-parse the replacement text to escape the $ when followed by a number (remember that $n has special meaning when using in the replacement text). See the comment on the php.net docs page:

If there's a chance your replacement text contains any strings such as "$0.95", you'll need to escape those $n backreferences:

<?php
  function escape_backreference($x){
    return preg_replace('/\$(\d)/', '\\\$$1', $x);
  }
?>

Answer 2

The high-voted function escape_backreference is incomplete in the general case: it will only escape backreferences of the form $n, but not those of the form ${n} or \n.

To escape any potential backreferences, change

    $emailMessage = preg_replace('/\B@@MESSAGE@@\B/u', $findEmail, $getUserEmailTemplate);

to

    $emailMessage = preg_replace('/\B@@MESSAGE@@\B/u', addcslashes($findEmail, '\\$'), $getUserEmailTemplate);

Answer 3

Here is the reason:

The $1 portion of a replacement text stands for the first group/match found. So if you have abc 123 and you try preg_match('/([\w]+)-([\d]+)/'), regex will store internally something like $1 = abc and $2 = 123. Those variables are going to exists, even if they have no value.

So, for example:

$text = '[shortcode]';
$replacement = ' some $var $101 text';
$result = preg_replace('/\[shortcode\]/', $var, $text);
// returns "some $var 1 text"

As the match group $10 is empty is going to be replaced by a null string.

That's why you need to scape any $NN from your REPLACEMENT text before running the preg_replace function.

Happy coding.