PHP :: Bug #10626 :: escaping doesn't work in the replacement clause

Bug #10626	escaping doesn't work in the replacement clause
Submitted:	2001-05-03 03:04 UTC	Modified:	2001-05-04 07:15 UTC
From:	hover at mi dot ru	Assigned:
Status:	Not a bug	Package:	PCRE related
PHP Version:	4.0.5	OS:	FreeBSD 4.3
Private report:	No	CVE-ID:	None

View Developer Edit

[2001-05-03 03:04 UTC] hover at mi dot ru

The problem is that preg_replace() ignores escaping of $nn sequence in the replacement string.
<?
$str = preg_replace("/a/", "\$1000", "test ... a ... test");
echo $str;
?>

test ... 00 ... test 

-----------
#!/usr/local/bin/perl -w

$_ = "test ... a ... test";
s/a/\$1000/;
print;
-----------
test ... $1000 ... test

This feature leads to impossibility of passing strings like '$1000' via phplib template variables.

PHP 4.0.4pl1, 4.0.5

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-05-03 08:04 UTC] cynic@php.net

You escaped the $1000 on the PHP level, so literal $1000 was sent to PCRE, where $10 was interpreted as a backreference, and since there aren't 10 capturing subpatterns in the pattern, you get an empty string for $10, and the rest is taken as a literal string.

Send further questions to php-general@ (after you RTFM, of course).

[2001-05-04 07:15 UTC] hover at mi dot ru

Thanks for educating me and sorry for waisting your time.
Though, phplib template.inc needs to be changed to work with such variables.

Something like this:

$tempvars = preg_replace("/\\$/", "\\\\\$", $this->varvals);

But it's a phplib's, not PHP thing. Thanks.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed May 07 05:01:27 2025 UTC