String Manipulation in PHP

The nature of web development requires strings to be created, manipulated, and, in some cases, evaluated. Understanding the concept of string manipulation is an important piece for developers.

This introductory tutorial will explain some simple constructs associated with handling strings, in addition to some more advanced techniques for those of you who are ambitious.

You will also learn how to format strings and work with functions to manipulate them. You will also learn about the benefits and dangers of magic quotes.

Lesson Goals

  • To format strings.
  • To work with string manipulation functions.
  • To make strings safe for outputting to the browser.
  • To understand the benefits and dangers of magic quotes.

This tutorial assumes several things about the reader:

  • You are familiar with PHP.
  • You have access to a server or servers running the PHP package.

Creating a string

To declare a string in PHP, you can use double quotes (“”) or single quotes (“). There are some differences you need to know about using these two.

If you’re using double-quoted strings, variables will be expanded (processed). Special characters such as line feed (n) and carriage return (r) are expanded too. However, with single-quoted strings, none of those things happen. Take a look at the example below to see what I mean.

Note that browsers don’t print newline characters (r and n), so when you open string.php, take a look at the source and you will see the effect of these newline characters.


The easiest way to specify a simple string is to enclose it in single quotes (the character ‘). Enclosing the string in double-quotes (“”) will allow PHP to understand additional escape sequences for special characters:

n linefeed (LF or 0x0A (10) in ASCII)

r carriage return (CR or 0x0D (13) in ASCII)

t horizontal tab (HT or 0x09 (9) in ASCII)


$dollar sign


[0-7] 1,3 The sequence of characters matching the regular expression is a character in octal notation.

x [0-9A-Fa-f] 1,2 The sequence of characters matching the regular expression is a character in hexadecimal notation.

The PHP parser will determine string start and end points based on matching quotes. That means every string must start and end with the same type of quote. This is the cause of many headaches for some coders. You can include single quote marks and other characters in the double quoted string, which often lends confusion to when you have actually closed your string.

Here’s a trick I use to ensure I avoid this problem… When I create a string variable, I complete the entire declaration statement prior to filling in the value:

$str_1 = ''; 
$str_2 = ""; 

Then follow through by adding my value to the statement:

$str_1 = 'I am a string in single quotes'; 
$str_2 = "I am a string in double quotes"; 

String Manipulation Functions

Trimming Strings
trim()Removes whitespace at beginning and end of a string.
ltrim()Removes whitespace at the beginning of a string.
rtrim()Removes whitespace at the end of a string.

htmlentities()Escapes all HTML entities.
nl2br()Inserts a <br /> tag before each newline character in a string.
strtoupper()Converts a string to uppercase.
strtolower()Converts a string to lowercase.
ucfirst()Converts the first character of a string to uppercase.
ucwords()Converts the first character of each word in a string to uppercase.

Converting Strings and Arrays
explode()Splits a string into an array on a specified character or group of characters.
implode()Converts an array into a string, placing a specified character or group of characters between each array element.
join()Same as implode().

substr(str,pos)Returns the substring from the character in position pos to the end of the string.
substr(str,-len)Returns the substring from len characters from the end of the string to the end of the string.
substr(str,pos,len)Returns a len length substring beginning with the character in position pos.
substr(str,pos,-len)Returns a substring beginning with the character in position pos and chopping off the last len characters of the string.
strstr(haystack,needle,before_needle)If the third argument (before_needle) is false (default), then it returns the part of the haystack from the needle on.

If the third argument (before_needle) is true, then it returns the part of the haystack before the needle.

The needle can be a string or an integer (or a number that can be converted to an integer).

stristr(haystack,needle,before_needle)Same as strstr(), but case insensitive.

It finds the position of the first occurrence of a specified needle in a haystack (string).

The needle can be a string or an integer (or a number that can be converted to an integer).


It finds the position of the last occurrence of a specified needle in a haystack (string).

The needle can be a string or an integer (or a number that can be converted to an integer).

str_replace()Replaces all occurrences of one string with another string.

Comparing Strings
strcmp()Compares two strings. Returns < 0 if str1 is less than str2, > 0 if str1 is greater than str2, and 0 if they are equal.
strcasecmp()Like strcmp() but case insensitive.
strlen()Returns the length of a string.

Examples of String Functions

Below are some examples of string manipulation functions.

trim() and strtolower()

This example uses trim() and strtolower() to improve the form validation script.

Code Sample:

    $lastName = trim($_GET['LastName']);
    $gender = strtolower(trim($_GET['Gender']));
    if ($lastName == ' || $gender == ')
        echo 'Error: You must fill out the form.
                Please <a href="Greeting.html">try again</a>.';
            case 'male' :
                echo "Hello Mr. $lastName!";
            case 'female' :
                echo "Hello Ms. $lastName!";
            default :
                echo "<b>$gender</b> is not a gender!";

strrchr($string, $char) : find the last occurence of the character $char in $string

For example: you want to get the file extension from a file name. You can use this function in conjunction with substr()

$ext = substr(strrchr($filename, '.'), 1);

What the above code do is get a chunk of $filename starting from the last dot in $filename then get the substring of it starting from the second character ( index 1 ).

To make things clearer suppose $filename is ‘tutorial.php’. Using strrchr(‘tutorial.php’, ‘.’) yield ‘.php’ and after substr(‘.php’, 1) we get the file extension; ‘php’


The explode () function is used to convert a string to an array. This function is commonly used to extract values from a string which are separated by a certain separator string. For example, suppose we have some information stored as comma-separated values. To extract each value, we can do it as shown below.

The following code elaborates it.

    $emails = explode(';',$_POST['Emails']);
    echo '<ol>';
    foreach ($emails as $email)
        echo '<li>' . trim($email) . '</li>';
    echo '</ol>';

Notice that the trim () function is used to trim the resulting elements of the array. This is because the string explodes on the semi-colon only. If the user adds additional whitespace around the semi-colon, that whitespace will be part of the array element.

implode($string, $array) : Join the values of $array using $string

This one do the opposite than the previous function. For example to reverse back the $info array into a string we can do it like this :

$info = array('Uzumaki Naruto', 15, 'Konoha Village');

$csv = implode(',', $info);

Another example : Pretend we have an array containing some values and we want to print them in an ordered list. We can use the implode() like this :

// print ordered list of names in array

$names = array('Uchiha Sasuke', 'Haruno Sakura', 'Uzumaki Naruto', 'Kakashi');

echo '<ol><li>' . implode('</li><li>', $names) . '</li></ol>';

The result of that code is like an ordered list just like shown below

  1. Uchiha Sasuke
  2. Haruno Sakura
  3. Uzumaki Naruto
  4. Kakashi

By the way, i did write the above php code to print that list instead of writing the list directly

Escape Characters

To include a quote in the middle of a string and have the parser ignore it, you need to escape it with a backslash. This tells PHP that the quote should not be used as the end point of the string, and to continue to the next quote:

$str_1 = 'I am a \'string\' in single quotes'; 
echo $str_1."<br&gt;";
$str_2 = "I am a \"string\" in double quotes"; 
echo $str_2."<br>";

To include a backslash itself in a string, you need to escape the backslash with a backslash:

$str_1 = 'I am a \\backslash\\ in single quotes'; 
echo $str_1."<br>";
$str_2 = "I am a \\backslash\\ in double quotes"; 
echo $str_2."<br>";

Another way to delimit strings is by using heredoc syntax (“”). Using this syntax, a unique identifier is placed after, the string to be stored or displayed, and finally the same identifier to close the quotation.

The closing identifier must begin in the first column of the line. Also, the identifier used must follow the same naming rules as any other label in PHP: it must contain only alphanumeric characters and underscores, and it must start with a non-digit character or underscore.

$str = <<<EOD 
Example of a string 
spanning multiple lines 
using the heredoc syntax. 

The Heredoc system is also known as the Here Document format. This system is normally used for large amounts of text, with no worries about overlapping quotes. You do not need to escape quotes in your docs, but you can still use escape codes.

Concatenating Strings

To concat two strings you need the dot (.) operator, so if you have a long string and, for the sake of readability, you have to cut it into two, you can do it just like the example below.

The example below illustrates this.

$str_1 = 'This';
$str_2 = 'is a';
$str_3 = 'string.';
$str = $str_1. " " .$str_2. " " .$str_3;
echo $str;

Used with the assignment operator (=), you can append data to your string-making the creation of large strings very simple.

As shown in the code, double quotes can be used to avoid using the concatenation operator. This works for concatenating literal strings with variables, but it does not work for concatenating values returned from functions. To do that, the function call must be outside of any quotes and combined with the rest of the string using the concatenation operator. This is also demonstrated in the code sample above.

$str = 'This ';
$str .= 'is a ';
$str .= 'string.';
echo $str;

Variables & Strings

PHP lets you include variables inside double quoted strings:

$str_1 = 'This is a';
$str_2 = 'string.';
$str = "$str_1 $str_2";
echo $str; ?>

Double and single quoted strings containing variables will not give you the same results. Double quoted strings will interpret the variable while single quoted strings will treat it as part of the original string variable:

$num = 9;
echo 'Display the number $num';
// displays "Display the number $num" to the screen
echo "Display the number $num";
// displays "Display the number 9" to the screen

Because scripts using single quotes run slightly faster, double quotes should only be used when you want to include special escape characters or variables within the string.

It is advisable to concatenate strings, as shown in prior examples, when you are using complex or even simple variable substitution.

$str_1 = 'This is a';
$str_2 = 'nother boring';
$str_3 = 'string example';
echo $str_1.$str_2. " " .$str_3. ".";

Magic Quotes

There are two settings in the php.ini file that determine how PHP handles incoming data. The settings are magic_quotes_gpc (on by default) and magic_quotes_runtime (off by default).


The value of magic_quotes_gpc determines whether GET, POST and COOKIE data should be escaped “automagically”. If magic_quotes_gpc is set to 1, then single quotes, double quotes and backslashes will be escaped with backslashes. In this case, if a user entered “O’Reilly” as her last name, and your script returned that value to the browser (e.g, echo $_POST[‘LastName’];), the value returned would read “O\’Reilly”. You would need to strip the backslashes by passing the value through the stripslashes() function (e.g, echo stripslashes($_POST[‘LastName’]);).

Although magic quotes can be useful, they can also cause confusion as the developer may not know whether magic quotes are turned on or off. To check whether they are on, use the get_magic_quotes_gpc() function as shown below.

if (get_magic_quotes_gpc())
    echo stripslashes($_POST['LastName']);
    echo $_POST['LastName'];


The value of magic_quotes_runtime determines whether data returned from files and databases should be escaped “automagically”. It works similarly to magic_quotes_gpc.


Strings are probably what you will use most in your PHP script. From concatenating, looking for patterns, trimming, chopping etc. So I guess it’s a good idea to take a better look at this creature. We will also take a peek at some string functions that you might find useful for everyday coding.

A large portion of web development involves handling and generating strings. Knowing how to properly handle and manipulate strings is important. To maximize your code, correct string definition is the first, and often forgotten, place to start.

Always remember to use single quotes to enclose your strings, unless including variables within the string variable. And when you need to involve variables, try to make use of concatenation to avoid using double quotes wherever possible. Your end result will be a much faster site.

Add a Comment

Your email address will not be published. Required fields are marked *


My name is Nohman Habib and I am a web developer with over 10 years of experience, programming in Joomla, Wordpress, WHMCS, vTiger and Hybrid Apps. My plan to start is to share my experience and expertise with others. Here my basic area of focus is to post tutorials primarily on Joomla development, HTML5, CSS3 and PHP.

Nohman Habib


Request a Quote

PHP Code Snippets Powered By :