PHP :: Bug #15711 :: addslashes does not always add slashes

Bug #15711

addslashes does not always add slashes

Submitted:

2002-02-25 07:01 UTC

Modified:

2002-02-26 05:41 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

michielu at gimo dot dhs dot org

Assigned:

Status:

Not a bug

Package:

Unknown/Other Function

PHP Version:

4.0.6

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	michielu at gimo dot dhs dot org
New email:
PHP Version:		OS:

New Comment:

[2002-02-25 07:01 UTC] michielu at gimo dot dhs dot org

I've added verbose reports in case this report is influences by addslashes as well.

the following simple test:
<?php
    echo addslashes("' \' \\' \\\'\n");
    echo stripslashes(addslashes("' \' \\' \\\'\n"));
?>

(i.e.: quote, slash quote, double slash quote, triple slash quote) is expected to yield (escape each slash and each quote):
\' \\\' \\\\\' \\\\\\\'
' \' \\' \\\'

(ie addslashes should yield slash quote, triple slash quote, five times slash quote, seven times slash quote, stripslashes should yield quote, slash quote, double slash quote, triple slash quote).

Instead, addslashes does not appear to quote properly and this is what I get:
\' \\\' \\\' \\\\\'
' \' \' \\'

(addslashes: slash quote, triple slash quote, triple slash quote, five times slash quote. stripslashes on this output: quote, slash quote, slash quote, double slash quote).

Obviously, this makes addslashes kind-of useless if you get escaped input. Yes, my database queries will not fail and that would be the primary use of addslashes.

It appears that the escaped quote of the second and third combination (double slash quote and triple slash quote) is not translated to the expected triple slash quote (i.e. an escaped slash plus an escaped quote).

Here's the configure line if it is of any use:
'./configure' '--with-apache=../apache' '--with-mysql=/usr' '--with-openssl' '--with-zlib' '--enable-debug=no' '--enable-safe-mode=no' '--enable-discard-path=no' '--with-gd' '--with-ttf' '--enable-gd-imgstrttf' '--enable-gd-native-ttf' '--with-png-dir=/usr/lib' '--with-jpeg-dir=/usr/lib' '--enable-magic-quotes' '--enable-ftp' '--enable-memory-limit'

and I disabled magic_quotes_gpc in a local .htaccess

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-02-26 05:37 UTC] michielu at gimo dot dhs dot org

I checked the code and the output/input for cgi and module versions and the actual problem I am running into does not seem to be in the addslashes routine, so I am closing this bug report. Apologies to anyone that took the time to read this.

[2002-02-26 05:41 UTC] sander@php.net

For the stats: both addslashes and stripslashes behave as expected.
This is your problem:
echo "' \' \\' \\\'";
is evaluated by PHP and becomes ' \' \' \\' which is expected behaviour as \\ means \.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Oct 26 08:00:02 2025 UTC