Request #60219 POSTDATA periods (.) being converted to underscores (_)
Submitted: 2011-11-04 14:04 UTC Modified: 2021-07-02 15:37 UTC
Votes:16
Avg. Score:4.4 ± 1.1
Reproduced:15 of 15 (100.0%)
Same Version:9 (60.0%)
Same OS:9 (60.0%)
From: kieran at menor dot dk Assigned:
Status: Suspended Package: Unknown/Other Function
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None

 [2011-11-04 14:04 UTC] kieran at menor dot dk
Description:
------------
This is documented "intended" behavior as per this section of the manual:

http://www.php.net/manual/en/language.variables.external.php#language.variables.external.dot-in-names

I'm guessing it's a leftover from back when register_globals was a common thing. It's been reported as a bug before a long time ago, and dismissed:

https://bugs.php.net/bug.php?id=30956

... but this is 2011, and I think it's worth giving it another go. Here's why:

First of all, nobody assigns POSTDATA directly to variables anymore. It all goes through $_POST;
Secondly, the claim that you can't have periods in variable names is bogus (see test script).
Lastly, the period is a good separator to have available, and I understand that certain services such as OpenID depend on it, as noted here: http://stackoverflow.com/questions/68651/can-i-get-php-to-stop-replacing-characters-in-get-or-post-arrays#1939911

Test script:
---------------
<?php
${'sure.you.can'} = 'Foo';   // variable-variable syntax accepts a dot in the name
var_dump($GLOBALS['sure.you.can']);


Patches

preserve-external-variable-names-ini-option (last revision 2012-01-24 00:11 UTC by kenaniah at gmail dot com)

Pull Requests

History

 [2011-11-04 14:10 UTC] kieran at menor dot dk
Not to mention, it's also potentially confusing and unexpected behavior for people who didn't happen to read that tiny paragraph of the manual.
 [2011-11-15 04:20 UTC] pablitobof at yahoo dot com dot mx
PHP 5.4 alpha1 has just been released which removes register_globals.  It seems appropriate that there would be a matching move towards removing the now unnecessary translation of characters in requests.
 [2012-01-23 20:08 UTC] kcerny at wirelesscapital dot com
The relevant code is found in the source file main/php_variables.c at line 94:

        /* ensure that we don't have spaces or dots in the variable name (not binary safe) */
        for (p = var; *p; p++) {
                if (*p == ' ' || *p == '.') {
                        *p='_';
                } else if (*p == '[') {
                        is_array = 1;
                        ip = p;
                        *p = 0;
                        break;
                }
        }

I'm not sure what repercussions we'll face by removing that first if statement. 
I would suggest controlling this replacement behavior using an INI setting for 
backwards compatibility.
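
The loop quoted in the comment above, as a stand-alone C program (an added example, not part of the comment or of PHP's source; `mangle_name` and `names_collide` are hypothetical names and the sample inputs are constructed). It shows that two distinct request names can arrive as the same key, which is why a field or cookie sent with a dot has to be looked up with an underscore:

```c
#include <stdio.h>
#include <string.h>

/* Added example: stand-alone copy of the quoted loop only.
 * mangle_name() and names_collide() are hypothetical helper names. */

/* Rewrites ' ' and '.' to '_' in place, up to the first '['.
 * Returns 1 if the name had an array suffix (cut off at '['), else 0. */
static int mangle_name(char *var)
{
    char *p;
    for (p = var; *p; p++) {
        if (*p == ' ' || *p == '.') {
            *p = '_';
        } else if (*p == '[') {
            *p = 0;          /* base name ends here; the index part is not processed */
            return 1;
        }
    }
    return 0;
}

/* Returns 1 when two distinct external names end up as the same key. */
static int names_collide(const char *a, const char *b)
{
    char ma[128], mb[128];
    snprintf(ma, sizeof ma, "%s", a);
    snprintf(mb, sizeof mb, "%s", b);
    mangle_name(ma);
    mangle_name(mb);
    return strcmp(a, b) != 0 && strcmp(ma, mb) == 0;
}

int main(void)
{
    /* Constructed sample names, not taken from the report. */
    const char *samples[] = { "openid.mode", "openid_mode", "user name", "a.b[c.d]" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char buf[128];
        snprintf(buf, sizeof buf, "%s", samples[i]);
        int is_array = mangle_name(buf);
        printf("%-12s -> %-12s is_array=%d\n", samples[i], buf, is_array);
    }
    printf("collide: %d\n", names_collide("openid.mode", "openid_mode"));
    return 0;
}
```

Code that validates or signs request parameters by name needs to compare the names after this rewriting, since the original spelling is no longer available once the key is stored.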
 [2012-01-23 22:32 UTC] tim at xi dot co dot nz
See: 

https://wiki.php.net/rfc/url_dots
 [2021-05-28 18:06 UTC] nospam at unclassified dot de
I just ran into this as well. I set a cookie with setcookie() and it just wasn't read anymore. Firefox showed it to me but PHP was just blind. Dumping $_COOKIE showed me another cookie with an underscore where I had put a dot. PHP still does that crap from the last century.

Doesn't seem like anybody at the PHP team cares about doing things right for once. How typical. I guess PHP remains a hacky language forever, not suitable for serious work.

PS: Voting is broken in this bug tracker, too. I voted and got an empty page. Probably an unhandled server error, due to some weirdness of the PHP language.
 [2021-05-28 18:11 UTC] ggggh dot fggg at fghb dot cf
and why can't you just not use a-z and underlines like every normal human being does for variable names?
 [2021-07-02 15:37 UTC] cmb@php.net
-Status: Open +Status: Suspended
 [2021-07-02 15:37 UTC] cmb@php.net
This change would constitute a serious BC break, and such requires
the RFC process[1].  Instead of complaining, just do the work.
Thanks!

[1] <https://wiki.php.net/rfc/howto>
 [2021-07-22 19:15 UTC] nospam at unclassified dot de
Sorry, that's your process not mine. To me, this isn't a serious BC break but just a serious PITA. And a laughable behaviour of a notoriously unprofessional language (which it will probably remain forever, because of BC).
 [2021-07-22 19:22 UTC] rtrtrtrtrt at dfdfdfdf dot dfd
> And a laughable behaviour of a notoriously unprofessional language

funny when people using non-alphanumeric chars for variables are talking about unprofessional