|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #13520 Wrong handling of the escape characters.
Submitted: 2001-10-02 16:06 UTC Modified: 2001-10-02 19:46 UTC
From: mcdouglas at angelfire dot com Assigned:
Status: Not a bug Package: Output Control
PHP Version: 4.0.6 OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: mcdouglas at angelfire dot com
New email:
PHP Version: OS:


 [2001-10-02 16:06 UTC] mcdouglas at angelfire dot com
In a html: <a href="test.php?str=some'thing">test</a>

And the test.php:
echo $str;

I used the win32 binary version of the php.

In the link I put the "some'thing" into the str variable whivh will pass to the script if i click on the Testlink.

I read in the manual the ' " \ are special character, and I must escape them with a \. Ok, I didn't used the \ before the ' in the something text, so I think the normal is that I get some error message...
But no: thw script will output the "some\'thing" text... which are funy because if I put the $str into a database (with a mysql_query) it will contain the original text: some'thing.

And if I use the \ in my link (like this: test.php?str=some\'thing) then the script will output the "some\\\'thing"... But I think it must output the "some'thing" because I used the \ before the '.

So, could be this a bug? I think so... 


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-10-02 16:24 UTC]
This is not a bug. There is a configuration setting that 
controls this behavior.

Review the configuration section of the manual  
Specifically, read the entries on them magic_quotes 

 [2001-10-02 19:46 UTC]
And you're mixing up a PHP enviroment and a HTML enviroment. They both have their own rules for escaping. See the HTML specs for how HTML handles things
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Jul 17 11:01:28 2024 UTC