php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #28683 addcslashes ASCII character conversion octal range invalid
Submitted: 2004-06-07 21:53 UTC Modified: 2004-08-09 15:53 UTC
From: todd at magnifisites dot com Assigned:
Status: Closed Package: Documentation problem
PHP Version: 4.3.6 OS: RH Linux/Windows XP
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2004-06-07 21:53 UTC] todd at magnifisites dot com 
Description:
------------
The addcslashes manual page states that characters with ASCII code lower than 32 and higher than 126 are converted to octal representation.  It then instructs us to use the ord() function to find the ASCII value for a character.  I have found discrepancies in my tests (I've tested on both Linux and Windows servers).  The octal representation conversion seems to occur completely throughout the range including 32 through 126, inclusive, rather than outside that range.

Reproduce code:
---------------
$null = NULL;
$var = "Hi there\" dollar $ amper \t sand & and single ' quote NULL $null";
$escaped_var = addcslashes($var, "\0\9\34\36\38\39");
print $escaped_var;


Expected result:
----------------
Hi there\" dollar \$ amper \t sand \& and single \' quote NULL


Actual result:
--------------
Hi there" dollar $ amper sand & and single ' quote NULL

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-08-06 17:00 UTC] dave@php.net 
This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation better.

I only saw one error in the documentation and have fixed it. Remember that octal representation is base 8, not base 10. \36 is not the '$' character, it is ASCII character 30, which is why your expected result and all its \<digits> are wrong.
 [2004-08-09 01:18 UTC] todd at magnifisites dot com 
Thanks for the response.  To clarify, which statement in the
addcslashes() documentation is incorrect?

"Use the ord() function to find the ASCII value for a character."

<?php
// OK, I'll give it a shot:
print ord('$'); // prints 36
?>

OK, I agree -- the ASCII value for the dollar sign character is 36.  Now, back to the documentation...

"charlist like "\0..\37", which would escape all characters with ASCII code between 0 and 37."

Example 1. addcslashes() example

<?php
$escaped = addcslashes($not_escaped, "\0..\37!@\177..\377");
?>

<?php
// Following suit, I want to escape the dollar
// sign ($) character which has ASCII code 36,
// as just established in the previous code:
$escaped = addcslashes('$', "\36");
print $escaped; // prints $
// ...whereas...
$escaped = addcslashes('$', "\44"); // octal
print $escaped; // prints \$
?>

Conclusion:
The documentation states that characters with ASCII code lower than 32 and higher than 126 are converted to octal representation.  I can understand that.  However, as this example demonstrates, it seems the charlist parameter expects octal values, for any range, not just those characters with ASCII values < 32 or > 126.

Still confused.  Is it the second statement that is incorrect?  Does the charlist parameter always expect octal values?

Thanks -- Todd
 [2004-08-09 09:58 UTC] vrana@php.net 
You need to know that "\36" is the ASCII character number 30. Read http://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.double

If you want to escape $, use just addcslashes($str, '$');
 [2004-08-09 15:53 UTC] todd at magnifisites dot com 
>>If you want to escape $, use just addcslashes($str, '$');

(Smiling) Thanks, but I was merely using that as an example.  Indeed, I know how to accomplish my goal using the function, it's the documentation that is misleading.  On the one hand the documentation is referencing ASCII number ranges, then in the follow-up example it jumps to octal representation (using the double quotations).  And yes, your reference to the documentation regarding double-quoted strings turned on the lights -- thank you.  Please understand my good intentions here, trying to make the language and documentation the best it can be.  I highly recommend an update to the addcslashes manual pages to clarify the example is using octal representation.

Sincerely,
Todd
 [2020-02-07 06:11 UTC] phpdocbot@php.net 
Automatic comment on behalf of dave
Revision: http://git.php.net/?p=doc/en.git;a=commit;h=b2b8bd442d185d2e105c37f85885110e494f9aed
Log: - Fix #28683.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri May 17 15:01:34 2024 UTC