Bug #13520 Wrong handling of the escape characters.
Submitted: 2001-10-02 16:06 UTC
Modified: 2001-10-02 19:46 UTC
From: mcdouglas at angelfire dot com
Assigned:
Status: Not a bug
Package: Output Control
PHP Version: 4.0.6
OS:
Private report: No
CVE-ID: None

 

 [2001-10-02 16:06 UTC] mcdouglas at angelfire dot com
In an HTML file: <a href="test.php?str=some'thing">test</a>

And the test.php:
<?
echo $str;
?>

I used the win32 binary version of PHP.

In the link I put "some'thing" into the str variable, which will be passed to the script if I click on the test link.

I read in the manual that ' " \ are special characters, and I must escape them with a \. OK, I didn't use the \ before the ' in the something text, so I think the normal thing is that I get some error message...
But no: the script will output the "some\'thing" text... which is funny, because if I put the $str into a database (with a mysql_query) it will contain the original text: some'thing.

And if I use the \ in my link (like this: test.php?str=some\'thing) then the script will output "some\\\'thing"... But I think it must output "some'thing" because I used the \ before the '.

So, could this be a bug? I think so...

 [2001-10-02 16:24 UTC] zak@php.net
This is not a bug. There is a configuration setting that controls this behavior.

Review the configuration section of the manual (http://www.php.net/manual/en/configuration.php).
Specifically, read the entries on the magic_quotes directives.

 [2001-10-02 19:46 UTC] jeroen@php.net
And you're mixing up a PHP environment and an HTML environment. They both have their own rules for escaping. See the HTML specs for how HTML handles things.
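
The behaviour the two replies point to, as an added example that is not part of the original report or of PHP's own code: addslashes() stands in for magic_quotes_gpc (which was removed in PHP 5.4), and the helper names are hypothetical. It reproduces both outputs from the report, then undoes the automatic layer and encodes the value separately for the URL and HTML contexts.

```php
<?php
// Added example, not code from the bug report. addslashes() stands in for
// magic_quotes_gpc, which was removed from PHP in 5.4.

// Hypothetical helper: the value a script saw with magic_quotes_gpc = On.
function received_with_magic_quotes(string $raw): string
{
    return addslashes($raw); // backslash-prefixes ' " \ and NUL
}

// Hypothetical helper: encode one raw value for each place it is written to.
function encode_for_contexts(string $raw): array
{
    return [
        // Inside an href query string: percent-encoding (URL rules).
        'url'  => 'test.php?str=' . rawurlencode($raw),
        // Inside HTML text or a quoted attribute: character references (HTML rules).
        'html' => htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'),
    ];
}

// Constructed inputs: the two str values from the report, mapped to the
// output the submitter describes for each.
$reported = [
    "some'thing"   => "some\\'thing",
    "some\\'thing" => "some\\\\\\'thing",
];

foreach ($reported as $raw => $seen) {
    $received = received_with_magic_quotes($raw);
    if ($received !== $seen) {
        throw new RuntimeException("emulation does not match the report for $raw");
    }
    // Undo the automatic layer once at input, then encode per output context.
    $clean = stripslashes($received);
    $out   = encode_for_contexts($clean);
    printf("raw=%s received=%s clean=%s\n", $raw, $received, $clean);
    // The URL is itself placed in an HTML attribute, so it gets HTML encoding too.
    printf("  link: <a href=\"%s\">%s</a>\n",
        htmlspecialchars($out['url'], ENT_QUOTES, 'UTF-8'), $out['html']);
}
```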
Last updated: Sun Oct 27 16:01:27 2024 UTC