php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #40097 Using functions on each implode()-item
Submitted: 2007-01-11 07:44 UTC Modified: 2007-01-12 20:48 UTC
Votes:3
Avg. Score:4.7 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (50.0%)
From: marcel dot normann at experimentierkasten dot de Assigned:
Status: Wont fix Package: Feature/Change Request
PHP Version: 6CVS-2007-01-11 (CVS) OS: all
Private report: No CVE-ID: None
View Add Comment Developer Edit
Have you experienced this issue?
Rate the importance of this bug to you:

 [2007-01-11 07:44 UTC] marcel dot normann at experimentierkasten dot de 
Description:
------------
implode() is often used for doing such things like 

$sSql = "select * from somewhere where something in ('".implode("','",$aArray)."')";

This is nice for SQL injection. Maybe it would be a good idea to add a possibility to implode() for manipulating each implode()-item:

string implode ( string glue, array pieces [, callback callback])

$aArray = array('some','boring','items');
echo implode('-',$aArray,'ucfirst'); // = Some-Boring-Items

This example is not very usefull but imgine the use of mysql_escape_string() instead.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-01-11 08:09 UTC] derick@php.net 
You can use array walk for that:

array_walk(implode('-', $string), 'callbackFunc');
 [2007-01-12 20:48 UTC] marcel dot normann at experimentierkasten dot de 
Derick, you are right. But I have revised a lot of code from other developers last months and I found SQL injections made possible by unsecure use of implode() in almost every application. I think that situation can be improved by offering a callback in implode().
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri May 17 20:01:35 2024 UTC