|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #45515 addslashes() function modifies a $_POST variable even if you dont want
Submitted: 2008-07-14 22:46 UTC Modified: 2008-07-14 23:41 UTC
From: andresipm at yahoo dot com Assigned:
Status: Not a bug Package: Variables related
PHP Version: 5.2.6 OS: windows XP
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
42 + 5 = ?
Subscribe to this entry?

 [2008-07-14 22:46 UTC] andresipm at yahoo dot com
In the form enter a string with a quote anywhere. Clic several times the submit button.

In the next code, it is supposed that the user will never excecute the addslashes() function inside the if statement.

However, the value of the $_POST variable is changed and added slashes!!!!

Reproduce code:
if( false ){
    $sss=	$_POST["nameP"];
	$sss= addslashes( $sss );
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "">
<html xmlns="">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>nooh shit</title>
<form id="form1" name="form1" method="post" action="">
  Enter the string "any'string" and send:<input name="nameP" type="text" value="<?=$_POST["nameP"]?>" />
  <input type="submit" name="enviar" id="enviar" value="Send" />

Expected result:
The expected result is that the $_POST variable keep its value:

original string: any'string
several submits later: any'string

Actual result:
The actual result is something like this:

original string: any'string
several submits later: any\\\\\\\\\\'string


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2008-07-14 23:41 UTC]
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Jun 22 12:01:30 2024 UTC