php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #15711 addslashes does not always add slashes
Submitted: 2002-02-25 07:01 UTC Modified: 2002-02-26 05:41 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: michielu at gimo dot dhs dot org Assigned:
Status: Not a bug Package: Unknown/Other Function
PHP Version: 4.0.6 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2002-02-25 07:01 UTC] michielu at gimo dot dhs dot org 
I've added verbose reports in case this report is influences by addslashes as well.

the following simple test:
<?php
    echo addslashes("' \' \\' \\\'\n");
    echo stripslashes(addslashes("' \' \\' \\\'\n"));
?>

(i.e.: quote, slash quote, double slash quote, triple slash quote) is expected to yield (escape each slash and each quote):
\' \\\' \\\\\' \\\\\\\'
' \' \\' \\\'

(ie addslashes should yield slash quote, triple slash quote, five times slash quote, seven times slash quote, stripslashes should yield quote, slash quote, double slash quote, triple slash quote).

Instead, addslashes does not appear to quote properly and this is what I get:
\' \\\' \\\' \\\\\'
' \' \' \\'

(addslashes: slash quote, triple slash quote, triple slash quote, five times slash quote. stripslashes on this output: quote, slash quote, slash quote, double slash quote).

Obviously, this makes addslashes kind-of useless if you get escaped input. Yes, my database queries will not fail and that would be the primary use of addslashes.

It appears that the escaped quote of the second and third combination (double slash quote and triple slash quote) is not translated to the expected triple slash quote (i.e. an escaped slash plus an escaped quote).

Here's the configure line if it is of any use:
'./configure' '--with-apache=../apache' '--with-mysql=/usr' '--with-openssl' '--with-zlib' '--enable-debug=no' '--enable-safe-mode=no' '--enable-discard-path=no' '--with-gd' '--with-ttf' '--enable-gd-imgstrttf' '--enable-gd-native-ttf' '--with-png-dir=/usr/lib' '--with-jpeg-dir=/usr/lib' '--enable-magic-quotes' '--enable-ftp' '--enable-memory-limit'

and I disabled magic_quotes_gpc in a local .htaccess

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-02-26 05:37 UTC] michielu at gimo dot dhs dot org 
I checked the code and the output/input for cgi and module versions and the actual problem I am running into does not seem to be in the addslashes routine, so I am closing this bug report. Apologies to anyone that took the time to read this.
 [2002-02-26 05:41 UTC] sander@php.net 
For the stats: both addslashes and stripslashes behave as expected.
This is your problem:
echo "' \' \\' \\\'";
is evaluated by PHP and becomes ' \' \' \\' which is expected behaviour as \\ means \.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu May 02 21:01:31 2024 UTC