php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #62315 str_replace() to accept search as a string while replace is an array
Submitted: 2012-06-13 16:28 UTC Modified: 2015-01-09 12:05 UTC
Votes:4
Avg. Score:3.5 ± 1.5
Reproduced:3 of 4 (75.0%)
Same Version:2 (66.7%)
Same OS:2 (66.7%)
From: narf at devilix dot net Assigned:
Status: Closed Package: Unknown/Other Function
PHP Version: Irrelevant OS: Irrelevant
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: narf at devilix dot net
New email:
PHP Version: OS:

 

 [2012-06-13 16:28 UTC] narf at devilix dot net 
Description:
------------
---
From manual page: http://www.php.net/function.str-replace#refsect1-function.str-replace-parameters
---

> If search and replace are arrays, then str_replace() takes a value from each array and uses them to search and replace on subject. If replace has fewer values than search, then an empty string is used for the rest of replacement values. If search is an array and replace is a string, then this replacement string is used for every value of search. The converse would not make sense, though.

That last sentence is what bothers me, as I have a use case where it DOES make sense. In the patch below (line 646), I assumed that this is an accepted behavior:

https://github.com/EllisLab/CodeIgniter/commit/10cbdf091b3cdbc72847dad28a1dce03a92119b6

To shortly explain what the patched method does - it's basically a pseudo prepared statement compiler. It takes an SQL query and an array of values and then replaces each occurence of '?' (default value for $this->bind_marker) with the corresponding (by position) element from the input array.

Test script:
---------------
<?php
$query = 'UPDATE `table_name` SET `field1_name` = :? WHERE `field2_name` = :?';
$bind_marker = '?';
$bind_values = array("'foo'", "'bar'");
echo str_replace($bind_marker, $bind_values, $sql);

Expected result:
----------------
UPDATE `table_name` SET `field1_name` = 'foo' WHERE `field2_name` = 'bar'

Actual result:
--------------
PHP Notice:  Array to string conversion in php shell code on line 5
UPDATE `table_name` SET `field1_name` = Array WHERE `field2_name` = Array

Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-01-09 12:05 UTC] narf at devilix dot net
-: narf at bofh dot bg +: narf at devilix dot net -Status: Open +Status: Closed
 [2015-01-09 12:05 UTC] narf at devilix dot net 
Duplicate of #38685 / https://bugs.php.net/bug.php?id=38685
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Wed May 01 23:01:28 2024 UTC