php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #40097 Using functions on each implode()-item
Submitted: 2007-01-11 07:44 UTC Modified: 2007-01-12 20:48 UTC
Votes:3
Avg. Score:4.7 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (50.0%)
From: marcel dot normann at experimentierkasten dot de Assigned:
Status: Wont fix Package: Feature/Change Request
PHP Version: 6CVS-2007-01-11 (CVS) OS: all
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: marcel dot normann at experimentierkasten dot de
New email:
PHP Version: OS:

 

 [2007-01-11 07:44 UTC] marcel dot normann at experimentierkasten dot de 
Description:
------------
implode() is often used for doing such things like 

$sSql = "select * from somewhere where something in ('".implode("','",$aArray)."')";

This is nice for SQL injection. Maybe it would be a good idea to add a possibility to implode() for manipulating each implode()-item:

string implode ( string glue, array pieces [, callback callback])

$aArray = array('some','boring','items');
echo implode('-',$aArray,'ucfirst'); // = Some-Boring-Items

This example is not very usefull but imgine the use of mysql_escape_string() instead.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-01-11 08:09 UTC] derick@php.net 
You can use array walk for that:

array_walk(implode('-', $string), 'callbackFunc');
 [2007-01-12 20:48 UTC] marcel dot normann at experimentierkasten dot de 
Derick, you are right. But I have revised a lot of code from other developers last months and I found SQL injections made possible by unsecure use of implode() in almost every application. I think that situation can be improved by offering a callback in implode().
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun Oct 06 16:01:26 2024 UTC