Bug #16123 Strtok in 4.1.2 parses differently from 4.0.6
Submitted: 2002-03-17 04:46 UTC Modified: 2002-03-18 11:01 UTC
From: ben at sublimatic dot org Assigned:
Status: Closed Package: Strings related
PHP Version: 4.1.2 OS: Windows 2K Server / IIS5
Private report: No CVE-ID: None
 [2002-03-17 04:46 UTC] ben at sublimatic dot org
(I'm not a PHP expert, so please be patient! :)

I'm crudely checking user login details to authenticate users on my homepage. It's not great but it's been working in PHP4.0.6 for months. After upgrading to 4.1.2 this script no longer works. Reinstalling 4.0.6 fixes the problem.

My stored string of user/password pairs:
   $userlist = "+name1>password1+name2>password2+name3....";

$uname and $upass are POSTed to a script, and the following code is part of a function called to check that the user/password pair exists within $userlist.

Assume user enters their username "name2".

I validate the username in PHP4.0.6 with:
   $userfound = strstr($userlist, "+".$uname.">" );
   // Correctly gives me $userfound == "+name2>password2+name3...."
   if ($userfound)
   { // username found; get password
     $delims = "+>";
     strtok($userfound, $delims); // extract the user/password pair
     $storedname = strtok($delims);
     $storedpass = strtok($delims);

...and in PHP4.0.6 I get (as you might expect) $storedname == "name2" and $storedpass == "password2".

However, after upgrading to 4.1.2 (and everything else staying the same) my parsed strings become $storedname == "password2" and $storedpass == "name3". It doesn't matter whether there's additional text before the first delimiting "+".

I'm stumped! It looks like a bug to me, and I've searched the bug list for other strtok bugs, but none is the same as this.
Ben Harvey


 [2002-03-17 04:55 UTC]
The (old) behaviour of strtok() was broken and has been fixed, which effectively means the behaviour of strtok() has changed.

You may want to consider using explode() or split() instead of strtok().
 [2002-03-18 11:01 UTC] ben at sublimatic dot org
OK. I'll get back to my book and try it differently.

Thanks for your help.
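
Added example, not part of the original report or comments: since PHP 4.1.0 strtok() skips empty tokens instead of returning them, so the discarded first call in the report now consumes the name; the explode() route suggested in the reply does not depend on that behaviour. The sample list and the helper names parse_userlist() and check_login() are assumptions made for illustration, and hash_equals() needs PHP 5.6 or later.

```php
<?php
// Constructed sample data in the "+name>password" format from the report.
$userlist = "+name1>password1+name2>password2+name3>password3";

/**
 * Parse the list into a name => password map with explode().
 * Hypothetical helper, not code from the report.
 */
function parse_userlist(string $userlist): array
{
    $users = [];
    foreach (explode("+", $userlist) as $pair) {
        if ($pair === "") {
            continue; // the leading "+" produces one empty element
        }
        // Limit 2: any further ">" stays inside the password part.
        $parts = explode(">", $pair, 2);
        if (count($parts) !== 2 || $parts[0] === "") {
            continue; // malformed entry: no ">" separator or empty name
        }
        $users[$parts[0]] = $parts[1];
    }
    return $users;
}

/**
 * Check a submitted name/password pair against the parsed map.
 * Hypothetical helper; hash_equals() compares in constant time.
 */
function check_login(array $users, string $uname, string $upass): bool
{
    if (!array_key_exists($uname, $users)) {
        return false; // unknown user
    }
    return hash_equals($users[$uname], $upass);
}

$users = parse_userlist($userlist);
var_dump(check_login($users, "name2", "password2")); // stored pair
var_dump(check_login($users, "name2", "name3"));     // the mis-parsed value from the report
var_dump(check_login($users, "nobody", "password2")); // unknown user

// The report's strtok() sequence on PHP >= 4.1.0: the leading "+" no longer
// yields an empty first token, so the first call already returns the name.
$userfound  = strstr($userlist, "+name2>");
$storedname = strtok($userfound, "+>");
$storedpass = strtok("+>");
var_dump($storedname, $storedpass);
```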