|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #55200 str_getcsv parses lines incorrectly
Submitted: 2011-07-13 09:10 UTC Modified: 2015-05-19 14:47 UTC
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: dmitry dot dulepov at gmail dot com Assigned:
Status: Verified Package: Strings related
PHP Version: 5.6.9 OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: dmitry dot dulepov at gmail dot com
New email:
PHP Version: OS:


 [2011-07-13 09:10 UTC] dmitry dot dulepov at gmail dot com
Putting a space around the separator *and* using quotes around fields adds 
spaces to the field. The following line:
"123" , "456"
should produce:
"123" and "456"
but it makes:
"123 " and " 456".

In the RFC4180 the specification suggests that if the field contains quotes, 
only the text inside quotes is the content of the field. Here is the formal 

record = field *(COMMA field)
field = (escaped / non-escaped)
non-escaped = *TEXTDATA

Thus spaces should appear in field only if the field is not quoted.

Test script:
print_r(str_getcsv('"123"  , "456" ', ',', '"'))

Expected result:
  0 => "123",
  1 => "456",

Actual result:
  0 => "123  ",
  1 => "456 ",


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2011-07-29 01:44 UTC] lonnyk at gmail dot com
str_getcsv is a conversion tool and not an input validator. Any invalid input is 
surely not going to work correctly and I do not think it is good practice to 
account for bad input b/c it would cause extra processing time when it is not 

If the input were:
var_dump(str_getcsv('"123" a , "456" ', ',', '"'))

what would you expect str_getcsv to do?
 [2011-07-29 05:42 UTC] dmitry dot dulepov at gmail dot com
It is not about input validation :) Your example is clearly invalid input. The 
function should fail and return FALSE. My example perfectly fits into formal CSV 
grammar, thus it is valid input. It is just parsed incorrectly.

I would not send you a bug about invalid input :)
 [2015-05-19 13:27 UTC]
-Status: Open +Status: Verified -Package: Unknown/Other Function +Package: Strings related
 [2015-05-19 13:27 UTC]
The given test input is not valid according to RFC 4180;
whitespace is not allowed between 'COMMA' and 'escaped'. However,
the current behavior of str_getcsv() doesn't make sense to me, see
<> and <>. Returning
FALSE or at least giving a warning or notice for such input seems
to be more appropriate.

By the way, fgetcsv() shows the same behavior.
 [2015-05-19 14:47 UTC]
Interestingly, whitespaces in front of an escaped field are simply
ignored, whereas other characters trigger the field to be read as
if it was not escaped, see <>.
 [2015-05-19 14:47 UTC]
-PHP Version: 5.3.6 +PHP Version: 5.6.9
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Jun 22 05:01:30 2024 UTC