php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #44585 htmlentities returns empty string when operation on a null value
Submitted: 2008-04-01 03:14 UTC Modified: 2020-01-05 11:14 UTC
Votes:28
Avg. Score:3.1 ± 0.4
Reproduced:2 of 4 (50.0%)
Same Version:1 (50.0%)
Same OS:0 (0.0%)
From: eran at octabox dot com Assigned:
Status: Suspended Package: Strings related
PHP Version: 5.2.5 OS: Windows XP Professional SP2
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: eran at octabox dot com
New email:
PHP Version: OS:

 

 [2008-04-01 03:14 UTC] eran at octabox dot com 
Description:
------------
The htmlentities function returns an empty string when used on a null value. This might seem irrelevant, however the htmlentities is used regularly to escape data before using it in a database query. A null value might be needed in such queries, and it would be preferred if it does not need to be considered a special case if a part of an data escaping routine.

For example, the Zend_Filter_Input component of the Zend_Framework uses htmlentities as the default escape filter. Passing null values in an escape routing would result in null values erroneously being converted to empty strings. 

Reproduce code:
---------------
var_dump(htmlentities(null));

Expected result:
----------------
NULL

Actual result:
--------------
string(0) ""

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-12-31 00:19 UTC] cmb@php.net
-Package: Feature/Change Request +Package: Strings related
 [2020-01-05 11:14 UTC] cmb@php.net
-Status: Open +Status: Suspended
 [2020-01-05 11:14 UTC] cmb@php.net 
htmlentities() expects a string as first argument, and due to
PHP's type juggling a NULL is converted to an empty string.  If
you want to have that changed, please pursue the RFC process[1].

[1] <https://wiki.php.net/rfc/howto>
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Dec 21 17:01:58 2024 UTC