php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #53646 Brackets being replaced with hash
Submitted: 2011-01-04 07:41 UTC Modified: 2011-01-04 07:44 UTC
From: phil dot allen at internode dot on dot net Assigned:
Status: Not a bug Package: Strings related
PHP Version: 5.3.4 OS: Win x64
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: phil dot allen at internode dot on dot net
New email:
PHP Version: OS:

 

 [2011-01-04 07:41 UTC] phil dot allen at internode dot on dot net 
Description:
------------
When concatenating two strings, brackets are being replaced by hashes (#).

Test script:
---------------
$data1 = '\'2011-1-1';
$data2 = '\' AS DATE)|CAST(';
echo $data1 . $data2;

Expected result:
----------------
'2011-1-1' AS DATE)|CAST( 

Actual result:
--------------
'2011-1-1' AS DATE#|CAST#

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-01-04 07:44 UTC] rasmus@php.net
-Status: Open +Status: Bogus
 [2011-01-04 07:44 UTC] rasmus@php.net 
There is no chance this is PHP doing that.  You must have something else going on 
here.
 [2011-01-04 23:25 UTC] phil dot allen at internode dot on dot net 
After further investigation it appears that Microsoft is the culprit.  The code was being run in a popup window created by a javascript call to window.open(). Internet Explorer was then modifying the output of teh page to 'prevent cross-site scripting'.
 [2011-01-20 06:01 UTC] anon at anon dot com 
>The code was being run in a popup window created by a javascript call to window.open()

Please tell me you aren't attempting to pass SQL code through the user's browser.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun Dec 22 11:01:30 2024 UTC