php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #33067 $_POST[] issue.
Submitted: 2005-05-19 16:59 UTC Modified: 2005-05-20 17:48 UTC
From: admin at ninthcircuit dot info Assigned:
Status: Not a bug Package: Output Control
PHP Version: 4.3.11 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: admin at ninthcircuit dot info
New email:
PHP Version: OS:

 

 [2005-05-19 16:59 UTC] admin at ninthcircuit dot info
Description:
------------
Basically I'm wondering why PHP adds an escape character when a "\" is submitted in a form (register globals is off). My apologies in advance if this bug has already been reported or declared "bogus" in some other URL. I didn't find any similar bug like when I did the advanced search, so I thought I'd submit it.

Reproduce code:
---------------
<?php
  /* The below code is a form that will submit
   *    the field information to itself.
   * To see the problem, simply type in "te\st"
   *    (without quotes) in the text field.
   *
   * Once PHP has finished parsing the script
   *    and displays the input back to the user,
   *    it shows up as "te\\st" instead of what
   *    was expected: "te\st". Consequently, if I
   *    resubmit it unmodified, it will appear
   *    as "te\\\\st".
   * 
   * PHP continues to escape the $_POST'ed string, 
   *    when clearly it really shouldn't. */
  print "<form action=".$_SERVER['PHP_SELF']." method=post>
   <input type=text name=test value=\"".$_POST['test']."\">
   <input type=submit name=submit value=Result>";

Expected result:
----------------
I expect to see the result of the inputted data to be returned "as-is" -- that is, I expect the data to have the same appearance as when I sent it.

Actual result:
--------------
As previously mentioned, PHP returns a semi-anticipated result, with all backslash characters escaped. This produces an undesirable "recursive" effect, nearly doubling the number of escapes each time the form is submitted to itself.

This could be the result of the version of PHP I'm currently working with, however. If it is, what kind of workaround can I get for this problem?

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-05-19 18:08 UTC] rasmus@php.net
That's an RTFM - turn off magic_quotes_gpc if you don't want it to do this for you.
 [2005-05-20 13:56 UTC] admin at ninthcircuit dot info
My mistake for not mentioning this other detail:

Rasmus:

That setting is all good and well if you're running with administrator privileges on the machine/s... but what alternatives are available in PHP if you're not?

I'm using PHP with a commercial web host who, more than likely, is not going to toggle this option for me (other user's accounts may in fact depend on this feature).
 [2005-05-20 17:25 UTC] rasmus@php.net
Again, RTFM.  The bug database is not a support mechanism.  Use stripslashes().
 [2005-05-20 17:48 UTC] admin at ninthcircuit dot info
Thanks for your assistance, Rasmus. I appreciate you going through all the trouble of answering this anyways. :)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 14:01:30 2024 UTC