php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #64516 preg_quote() doesn't work to escape the replacement
Submitted: 2013-03-25 22:30 UTC Modified: 2016-08-20 13:02 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: php at richardneill dot org Assigned: cmb (profile)
Status: Closed Package: PCRE related
PHP Version: 5.4.13 OS: all
Private report: No CVE-ID: None
 [2013-03-25 22:30 UTC] php at richardneill dot org
Description:
------------
preg_quote() is great for escaping a user-supplied search string.
There is no matching function to escape a user-supplied replacement string.

My wish is for preg_quote() to have an extra flag "IS_REPLACEMENT" or to have a 
function preg_quote_replacement(), which would escape only backslash and dollar 
signs.

Example below.


Might I also suggest this is a documentation bug, in that there is no explanation 
of the correct way to work around this?

Test script:
---------------
$text = 'Invoice: You owe me *#5* !';
$user_search  = "*#5*";
$user_replace = "*$5*";

$search = preg_quote($user_search, "/");
$replace_bad1 = $user_replace;
$replace_bad2 = preg_quote($user_replace);  

$new_text1 = preg_replace("/$search/", "$replace_bad1", $text);
$new_text2 = preg_replace("/$search/", "$replace_bad2", $text);
echo "Input: $text\nNew1:  $new_text1\nNew2:  $new_text2\n";


Expected result:
----------------
I want to return the string:
    Invoice: You owe me *$5* !


Actual result:
--------------
Input: Invoice: You owe me *#5* !
New1:  Invoice: You owe me ** !
New2:  Invoice: You owe me \*$5\* !

1. the '*' in the search string is not magic, thanks to the normal use of 
preg_quote(). This is what I expect.

2. If I replace with a literal, then '$5' becomes the 5th backreference, which is 
empty.

3. If I preg_quote the replacement, then we get spurious backslashes before the 
'*'s.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-08-20 12:41 UTC] cmb@php.net
-Summary: wish: add flag to preg_quote to escape the replacement +Summary: preg_quote() doesn't work to escape the replacement -Status: Open +Status: Verified -Type: Feature/Change Request +Type: Documentation Problem -Assigned To: +Assigned To: cmb
 [2016-08-20 12:41 UTC] cmb@php.net
In my opinion, there is no need for preg_quote_replacement() to be
in the core, because it appears to be rarely needed, and can
otherwise easily implemented in userland:

function preg_quote_replacement($str) {
    return addcslashes($str, '\\$');
}

See also <https://3v4l.org/ZYue6>.

I agree, that the documentation should be improved to point out
that preg_quote() shouldn't be used on replacement strings.
 [2016-08-20 13:02 UTC] cmb@php.net
Automatic comment from SVN on behalf of cmb
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=339916
Log: Fix #64516: preg_quote() doesn't work to escape the replacement
 [2016-08-20 13:02 UTC] cmb@php.net
-Status: Verified +Status: Closed
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Mon Oct 14 06:01:26 2019 UTC