On 08/22/2011 03:38 PM, Wesley Alan Wright wrote:
> I have found everything I ever needed to know about LDAP with these lines of code, especially the print_r and is_array bits.
>
> $ldapserver ="ldaps://ldap.uvm.edu" ;
> $dnstring ="ou=People,dc=uvm,dc=edu" ;
> $filter ="(uid={$_POST['uid']})" ;

Though with an anonymous bind there's not much security risk involved
with injection attacks, it's good practice to escape data coming from
any request. I made the following function for escaping LDAP filter
components a long time ago. It's a functionality not offered by any of
PHP's ldap functions. It could certainly be made more compact or
improved upon, but it does the job. Feel free to use.
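
function ldap_quote($str) {
    // Map each filter metacharacter to its \XX hex escape.
    $map = array(
        "\x00" => "\\00", // null
        "\x26" => "\\26", // &
        "\x28" => "\\28", // (
        "\x29" => "\\29", // )
        "\x2a" => "\\2a", // *
        "\x2f" => "\\2f", // /
        "\x3c" => "\\3c", // <
        "\x3d" => "\\3d", // =
        "\x3e" => "\\3e", // >
        "\x5c" => "\\5c", // \
        "\x7c" => "\\7c", // |
        "\x7e" => "\\7e"  // ~
    );
    // strtr() replaces in a single pass. str_replace() with arrays works
    // through the pairs in order, so the backslashes written for earlier
    // characters would be escaped a second time by the \x5c entry.
    return strtr($str, $map);
}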
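
An added example, not part of the original message: it escapes a request value before building the uid filter, checks that the escaped value decodes back to the input, and shows why the order of pairs matters when str_replace() is given arrays. The function names and sample uid values are constructed for illustration.

```php
<?php
// Added example. Function names and sample values are constructed.
// On PHP 5.6+ with the ldap extension loaded,
// ldap_escape($v, '', LDAP_ESCAPE_FILTER) is the built-in equivalent.

// Characters that RFC 4515 requires to be escaped inside a filter value.
const FILTER_MAP = array(
    "\\"   => "\\5c",
    "*"    => "\\2a",
    "("    => "\\28",
    ")"    => "\\29",
    "\x00" => "\\00",
);

// Single pass: strtr() never rescans text it has already replaced.
function escape_once(string $v): string
{
    return strtr($v, FILTER_MAP);
}

// Sequential: str_replace() with arrays applies each pair to the result
// of the previous one, so it is only correct while "\\" is the first key.
function escape_sequential(string $v, array $map): string
{
    return str_replace(array_keys($map), array_values($map), $v);
}

// Decode \XX pairs the way a directory server reads the filter value.
function unescape(string $v): string
{
    return preg_replace_callback('/\\\\([0-9a-f]{2})/i', function ($m) {
        return chr(hexdec($m[1]));
    }, $v);
}

// Constructed inputs: plain uid, wildcard, embedded parentheses, backslash.
foreach (array('jdoe', '*', 'jdoe)(cn=*', 'a\\b') as $uid) {
    $escaped = escape_once($uid);
    printf("%-12s => (uid=%s)  round-trip %s\n", $uid, $escaped,
        unescape($escaped) === $uid ? 'ok' : 'BROKEN');
}

// A map that handles the backslash after "(": the backslash written for
// "(" is escaped again, so the value no longer decodes to the input.
$late = array("(" => "\\28", "\\" => "\\5c");
$bad  = escape_sequential('(', $late);
printf("late backslash: %s  round-trip %s\n", $bad,
    unescape($bad) === '(' ? 'ok' : 'BROKEN');
```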