php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #45515 addslashes() function modifies a $_POST variable even if you dont want
Submitted: 2008-07-14 22:46 UTC Modified: 2008-07-14 23:41 UTC
From: andresipm at yahoo dot com Assigned:
Status: Not a bug Package: Variables related
PHP Version: 5.2.6 OS: windows XP
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: andresipm at yahoo dot com
New email:
PHP Version: OS:

 

 [2008-07-14 22:46 UTC] andresipm at yahoo dot com
Description:
------------
In the form enter a string with a quote anywhere. Clic several times the submit button.

In the next code, it is supposed that the user will never excecute the addslashes() function inside the if statement.

However, the value of the $_POST variable is changed and added slashes!!!!

Reproduce code:
---------------
<?php
if( false ){
    $sss=	$_POST["nameP"];
	$sss= addslashes( $sss );
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>nooh shit</title>
</head>
<body>
<form id="form1" name="form1" method="post" action="">
  Enter the string "any'string" and send:<input name="nameP" type="text" value="<?=$_POST["nameP"]?>" />
  <input type="submit" name="enviar" id="enviar" value="Send" />
</form>
</body>
</html>

Expected result:
----------------
The expected result is that the $_POST variable keep its value:

original string: any'string
several submits later: any'string



Actual result:
--------------
The actual result is something like this:

original string: any'string
several submits later: any\\\\\\\\\\'string

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-07-14 23:41 UTC] jani@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Jun 15 18:01:30 2024 UTC