PHP :: Bug #81635 :: No example of complex interpolation syntax with filenames

Bug #81635

No example of complex interpolation syntax with filenames

Submitted:

2021-11-18 11:06 UTC

Modified:

2021-11-18 14:29 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

shealavington at gmail dot com

Assigned:

cmb (profile)

Status:

Closed

Package:

Scripting Engine problem

PHP Version:

8.0.12

OS:

Windows 10

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	shealavington at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2021-11-18 11:06 UTC] shealavington at gmail dot com

Description:
------------
When curly braces are escaped within a string "", the back-slash isn't removed \{. For example `"hello\{$foo}"` is outputting `hello\{bar}` instead of `hello{bar}`

Test script:
---------------
<?php

$foo = "bar";
$test_script = "hello\{$foo}"

//- Explanation output below.

echo "If `\` is the escape character, why are the escaped characters and the escape character both shown?<br>";
echo "Res: <b>c:\path\hello\{$foo}</b><br>";
echo "Expected: <b>c:\path\hello"."{"."$foo}</b><br>";

echo "<br>Notice how in this example, I haven't used a `\` but the `{}` characters are gone when not escaped?<br>";
echo "Res: <b>c:\path\hello{$foo}</b><br>";

echo "<br>If I use `\ n`, it replaces the `\`, I don't see `\ n` like I do in the first example above.<br>";
echo "Res: <b>c:\path\hello\note\{$foo}</b><br>";

Expected result:
----------------
`hello{bar}`

Actual result:
--------------
`hello\{bar}`

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2021-11-18 11:21 UTC] cmb@php.net

-Status: Open +Status: Not a bug -Package: *General Issues +Package: Scripting Engine problem -Assigned To: +Assigned To: cmb

[2021-11-18 11:21 UTC] cmb@php.net

The docs do not list \$ as escape sequence[1].  They are actually
very explicit about that[2]:

| Since { can not be escaped, […]

What you're looking for is <https://3v4l.org/hndfP>.

[1] <https://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.double>
[2] <https://www.php.net/manual/en/language.types.string.php#language.types.string.parsing.complex>

[2021-11-18 11:26 UTC] shealavington at gmail dot com

I now see that `\{` is not an escape sequence. However, that doesn't explain why the following

```
$foo = "bar";
var_dump("hello\{$foo}");
```

outputs `"hello\{bar}"` instead of `"hello\bar"`... The curly braces should act as a variable wrap and should therefore be removed? 

Please do correct me if I'm mis-understanding here.

[2021-11-18 11:31 UTC] shealavington at gmail dot com

Notice how with this example I actually get one output with curlys and one without, which would suggest to me that there is a bug in the template parsing.

```
$foo = "bar";
var_dump("hello\{$foo}");
var_dump("hello\x{$foo}x");
```

[2021-11-18 11:40 UTC] cmb@php.net

-Status: Not a bug +Status: Open

[2021-11-18 11:40 UTC] cmb@php.net

Yeah, this is actually unclear.

    "hello\{$foo}"

This looks like complex string interpolation syntax, but is
apparently parsed as simple string interpolation syntax, so $foo
is being replaced with its value.  So, I assume, that the
backslash acts as escape for the open *and* the closing curly
braces.

[2021-11-18 11:56 UTC] shealavington at gmail dot com

Indeed unclear, and most confusing.

I'm working with a filesystem path within a larger string. 

I need to insert my variable after a backslash. 

For simplicity, we're using curly braces around all of our variables used within the string, and this situation doesn't allow us to do so.

```
$foo = 'bar';
$newFoo = "(FILENAME='C:\folder\{$var}.txt')"
```
outputs a string with a now invalid file path due to the parsing inconsistency.
```
(FILENAME='C:\folder\{bar}.txt')
```
As you mentioned, `\{` should not be escaping, but does.

Hopefully this issue can be looked into being fixed for later versions.

[2021-11-18 13:37 UTC] cmb@php.net

-Summary: When curly braces are escaped, the back-slash isn't removed \{ +Summary: \{ is a valid escape sequence in double-quoted strings

[2021-11-18 13:37 UTC] cmb@php.net

Thanks for the further clarification!

> $newFoo = "(FILENAME='C:\folder\{$var}.txt')"

You really should escape the backslashes in the first place;
then you get the desired output: <https://3v4l.org/EKFq2>.

> As you mentioned, `\{` should not be escaping, but does.

Indeed: <https://3v4l.org/lLZqF>.  That needs to be fixed in the
docs.

[2021-11-18 13:44 UTC] cmb@php.net

-Summary: \{ is a valid escape sequence in double-quoted strings +Summary: \{ has special meaning in double-quoted strings

[2021-11-18 13:55 UTC] cmb@php.net

-Summary: \{ has special meaning in double-quoted strings +Summary: No example of complex interpolation syntax with filenames

[2021-11-18 13:55 UTC] cmb@php.net

Nah, there is nothing special about \{[1]:

| As in single quoted strings, escaping any other character will
| result in the backslash being printed too.

Still, it makes sense to add an example, since backslashes in
filenames and the given use-case are common on Windows. 

[1] <https://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.double>

[2021-11-18 14:18 UTC] git@php.net

Automatic comment on behalf of cmb69
Revision: https://github.com/php/doc-en/commit/59244d9ae93cc5059a07c7eadf36b02a1704512c
Log: Fix #81635: No example of complex interpolation syntax with filenames

[2021-11-18 14:18 UTC] git@php.net

-Status: Assigned +Status: Closed

[2021-11-18 14:18 UTC] shealavington at gmail dot com

Regarding the comment from the docs, it states specifically in single-quoted strings. I am doing this in a double-quoted string. I'm not sure if that poses an issue or just a documentation change.

| As in single-quoted strings, escaping any other character will result in the backslash being printed too.

In reference to escaping file paths, I completely agree they should be, however, due to legacy systems in place, I'm trying to not modify too much of the original code.

[2021-11-18 14:29 UTC] cmb@php.net

> As in single-quoted strings, […]

That means "like in single-quoted strings". :)

You can often get away without escapting literal backslashes,
but you should not rely on that, especially in double-quoted
strings, since new escape sequences might be introduced, breaking
your code; e.g. \e has been introduced with 5.4.4.

> […] however, due to legacy systems in place, I'm trying to not
> modify too much of the original code.

Understandable, but we can't change long-standing and mostly
well-documented behavior just because of that. :)

[2021-11-18 14:49 UTC] shealavington at gmail dot com

> Understandable, but we can't change long-standing and mostly well-documented behavior just because of that. :)

I completely agree, I appreciate your comments! Ah, Perhaps a misunderstanding, I consider `'` a single-quoted string and `"` a double-quoted string haha. There's too much technical jargon to consider when you're deep in an issue.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon May 12 22:01:30 2025 UTC