|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #45272 no ini setting to inhibit conversion of dots to underscores in $_REQUEST
Submitted: 2008-06-14 23:01 UTC Modified: 2012-02-26 07:48 UTC
Avg. Score:4.4 ± 0.7
Reproduced:14 of 14 (100.0%)
Same Version:3 (21.4%)
Same OS:9 (64.3%)
From: tavin dot cole at gmail dot com Assigned:
Status: Open Package: *Web Server problem
PHP Version: 5.2.6 OS: any
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: tavin dot cole at gmail dot com
New email:
PHP Version: OS:


 [2008-06-14 23:01 UTC] tavin dot cole at gmail dot com
It's well known that PHP converts dots to underscores for incoming variable names.  This is very frustrating when writing modern PHP code with register_globals off and using $_REQUEST etc. instead.

It's been stated this will not be changed due to BC issues.

Why not introduce an INI setting to inhibit this behavior?

Thanks for your consideration.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2008-06-15 17:52 UTC] tavin dot cole at gmail dot com
the following is a trivial patch for those needing a workaround to this problem.  it only inhibits the munging of dots and doesn't address things like spaces and square brackets.  it also doesn't address introducing an INI setting.

diff -ru php-5.2.6._dist/main/php_variables.c php-5.2.6._mine/main/php_variables.c
--- php-5.2.6._dist/main/php_variables.c        2007-12-31 07:20:15.000000000 +0000
+++ php-5.2.6._mine/main/php_variables.c        2008-06-14 23:34:25.000000000 +0000
@@ -91,7 +91,7 @@
        /* ensure that we don't have spaces or dots in the variable name (not binary safe) */
        for (p = var; *p; p++) {
-               if (*p == ' ' || *p == '.') {
+               if (*p == ' ' /*|| *p == '.'*/) {
                } else if (*p == '[') {
                        is_array = 1;
 [2012-02-26 07:48 UTC]
-Package: Feature/Change Request +Package: *Web Server problem
 [2012-05-14 03:18 UTC] pravdin at vl dot ru
In PHP 5.4 INI the register_globals setting was removed finally. So, this atricle in documentation become not true:

"Dots in incoming variable names

Typically, PHP does not alter the names of variables when they are passed into a script. However, it should be noted that the dot (period, full stop) is not a valid character in a PHP variable name."

Because external variables will never become internal variables, translation dots to underscores become senseless. 

Please, add an INI setting to disable dots to underscores translation!
 [2018-07-18 12:03 UTC] strijbol dot niko at gmail dot com
Has there been any progress on this?
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Wed Jul 17 06:01:26 2019 UTC