php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #33067 $_POST[] issue.
Submitted: 2005-05-19 16:59 UTC Modified: 2005-05-20 17:48 UTC
From: admin at ninthcircuit dot info Assigned:
Status: Not a bug Package: Output Control
PHP Version: 4.3.11 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
48 + 24 = ?
Subscribe to this entry?

 
 [2005-05-19 16:59 UTC] admin at ninthcircuit dot info 
Description:
------------
Basically I'm wondering why PHP adds an escape character when a "\" is submitted in a form (register globals is off). My apologies in advance if this bug has already been reported or declared "bogus" in some other URL. I didn't find any similar bug like when I did the advanced search, so I thought I'd submit it.

Reproduce code:
---------------
<?php
  /* The below code is a form that will submit
   *    the field information to itself.
   * To see the problem, simply type in "te\st"
   *    (without quotes) in the text field.
   *
   * Once PHP has finished parsing the script
   *    and displays the input back to the user,
   *    it shows up as "te\\st" instead of what
   *    was expected: "te\st". Consequently, if I
   *    resubmit it unmodified, it will appear
   *    as "te\\\\st".
   * 
   * PHP continues to escape the $_POST'ed string, 
   *    when clearly it really shouldn't. */
  print "<form action=".$_SERVER['PHP_SELF']." method=post>
   <input type=text name=test value=\"".$_POST['test']."\">
   <input type=submit name=submit value=Result>";

Expected result:
----------------
I expect to see the result of the inputted data to be returned "as-is" -- that is, I expect the data to have the same appearance as when I sent it.

Actual result:
--------------
As previously mentioned, PHP returns a semi-anticipated result, with all backslash characters escaped. This produces an undesirable "recursive" effect, nearly doubling the number of escapes each time the form is submitted to itself.

This could be the result of the version of PHP I'm currently working with, however. If it is, what kind of workaround can I get for this problem?

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-05-19 18:08 UTC] rasmus@php.net 
That's an RTFM - turn off magic_quotes_gpc if you don't want it to do this for you.
 [2005-05-20 13:56 UTC] admin at ninthcircuit dot info 
My mistake for not mentioning this other detail:

Rasmus:

That setting is all good and well if you're running with administrator privileges on the machine/s... but what alternatives are available in PHP if you're not?

I'm using PHP with a commercial web host who, more than likely, is not going to toggle this option for me (other user's accounts may in fact depend on this feature).
 [2005-05-20 17:25 UTC] rasmus@php.net 
Again, RTFM.  The bug database is not a support mechanism.  Use stripslashes().
 [2005-05-20 17:48 UTC] admin at ninthcircuit dot info 
Thanks for your assistance, Rasmus. I appreciate you going through all the trouble of answering this anyways. :)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Apr 23 10:01:29 2024 UTC