Description:
------------
Hello,

according to Bug #43253, there are missing/incorrect infos in the documentation.

> not allowed ...
> (Or in superglobal key names because of register_globals)

It's no problem to use:
| <?php
| error_reporting(E_ALL | E_STRICT);
| 
| $_GET["a\0aa"] = 'test';
| var_dump($_GET);
| ?>
No Warning, no error. --> working --> allowed ;-)


> null is not allowed in PHP variable names.

OK, that's according to the manual [1]:
| A valid variable name starts with a letter or underscore, followed
| by any number of letters, numbers, or underscores. As a regular
| expression, it would be expressed thus:
| '[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*'

But on this page [2] I can't read, that the variable name with "\0" will be stripped off. Because is it's not allowed, there should be no variable.

And what's about variables with non printable chars? These names are also not allowed (see above), but working. And I can't read anything about this behaviour:
| <?php
| error_reporting(E_ALL | E_STRICT);
| 
| $a = "a\x10aa";
| $$a = 'test';
| var_dump($$a);
| ?>
Via a GET request this is:
| <a href="?a%10aa=test">Testlink</a>

These infos are also missing in the documentation for parse_str() [3].

Don't you think it's better, the replace all this chars with "_" if they are comming from a GET request?

BTW:
On this page [2], I can only read that a "." will be replaced with "_". But not, that a " " will also be replaced.


Conclusion:
If the PHP behaviour is correct, this should all be documented in the PHP manual.

Regards,
Carsten

[1] http://www.php.net/manual/en/language.variables.php
[2] http://www.php.net/manual/en/language.variables.external.php
[3] http://de.php.net/manual/en/function.parse-str.php