php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #53646 Brackets being replaced with hash
Submitted: 2011-01-04 07:41 UTC Modified: 2011-01-04 07:44 UTC
From: phil dot allen at internode dot on dot net Assigned:
Status: Not a bug Package: Strings related
PHP Version: 5.3.4 OS: Win x64
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: phil dot allen at internode dot on dot net
New email:
PHP Version: OS:

 

 [2011-01-04 07:41 UTC] phil dot allen at internode dot on dot net
Description:
------------
When concatenating two strings, brackets are being replaced by hashes (#).

Test script:
---------------
$data1 = '\'2011-1-1';
$data2 = '\' AS DATE)|CAST(';
echo $data1 . $data2;

Expected result:
----------------
'2011-1-1' AS DATE)|CAST( 

Actual result:
--------------
'2011-1-1' AS DATE#|CAST# 

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-01-04 07:44 UTC] rasmus@php.net
-Status: Open +Status: Bogus
 [2011-01-04 07:44 UTC] rasmus@php.net
There is no chance this is PHP doing that.  You must have something else going on 
here.
 [2011-01-04 23:25 UTC] phil dot allen at internode dot on dot net
After further investigation it appears that Microsoft is the culprit.  The code was being run in a popup window created by a javascript call to window.open(). Internet Explorer was then modifying the output of teh page to 'prevent cross-site scripting'.
 [2011-01-20 06:01 UTC] anon at anon dot com
>The code was being run in a popup window created by a javascript call to window.open()

Please tell me you aren't attempting to pass SQL code through the user's browser.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 12 15:01:32 2024 UTC