Doc Bug #64516 preg_quote() doesn't work to escape the replacement
Submitted: 2013-03-25 22:30 UTC Modified: 2016-08-20 13:02 UTC
Avg. Score:4.0 ± 1.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: php at richardneill dot org Assigned: cmb (profile)
Status: Closed Package: PCRE related
PHP Version: 5.4.13 OS: all
Private report: No CVE-ID: None

 [2013-03-25 22:30 UTC] php at richardneill dot org
preg_quote() is great for escaping a user-supplied search string.
There is no matching function to escape a user-supplied replacement string.

My wish is for preg_quote() to have an extra flag "IS_REPLACEMENT" or to have a 
function preg_quote_replacement(), which would escape only backslash and dollar 

Example below.

Might I also suggest this is a documentation bug, in that there is no explanation 
of the correct way to work around this?

Test script:
$text = 'Invoice: You owe me *#5* !';
$user_search  = "*#5*";
$user_replace = "*$5*";

$search = preg_quote($user_search, "/");
$replace_bad1 = $user_replace;
$replace_bad2 = preg_quote($user_replace);  

$new_text1 = preg_replace("/$search/", "$replace_bad1", $text);
$new_text2 = preg_replace("/$search/", "$replace_bad2", $text);
echo "Input: $text\nNew1:  $new_text1\nNew2:  $new_text2\n";

Expected result:
I want to return the string:
    Invoice: You owe me *$5* !

Actual result:
Input: Invoice: You owe me *#5* !
New1:  Invoice: You owe me ** !
New2:  Invoice: You owe me \*$5\* !

1. the '*' in the search string is not magic, thanks to the normal use of 
preg_quote(). This is what I expect.

2. If I replace with a literal, then '$5' becomes the 5th backreference, which is 

3. If I preg_quote the replacement, then we get spurious backslashes before the 


 [2016-08-20 12:41 UTC]
-Summary: wish: add flag to preg_quote to escape the replacement
+Summary: preg_quote() doesn't work to escape the replacement
-Status: Open
+Status: Verified
-Type: Feature/Change Request
+Type: Documentation Problem
-Assigned To:
+Assigned To: cmb
 [2016-08-20 12:41 UTC]
In my opinion, there is no need for preg_quote_replacement() to be
in the core, because it appears to be rarely needed, and can
otherwise easily be implemented in userland:

function preg_quote_replacement($str) {
    // Escape only the characters that are special in a replacement string.
    return addcslashes($str, '\\$');
}

See also <>.

I agree, that the documentation should be improved to point out
that preg_quote() shouldn't be used on replacement strings.
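
Added example, not part of the original report or comments: it compares an unescaped user-supplied replacement with the addcslashes() helper from the comment above and with preg_replace_callback(), using str_replace() as the literal reference. Apart from preg_quote_replacement(), the function names and all sample inputs are constructed for illustration.

```php
<?php
// Added example. preg_quote_replacement() is the userland helper from the
// comment above; the other function names and all inputs are constructed.

function preg_quote_replacement(string $str): string {
    // Only backslash and dollar are special in a preg_replace() replacement.
    return addcslashes($str, '\\$');
}

function replace_naive(string $search, string $replace, string $text): string {
    // Pattern is quoted, replacement is not: $n, ${n} and \n are interpreted.
    return preg_replace('/' . preg_quote($search, '/') . '/', $replace, $text);
}

function replace_escaped(string $search, string $replace, string $text): string {
    return preg_replace('/' . preg_quote($search, '/') . '/',
                        preg_quote_replacement($replace), $text);
}

function replace_callback(string $search, string $replace, string $text): string {
    // A callback's return value is inserted as-is, so no escaping is needed.
    return preg_replace_callback('/' . preg_quote($search, '/') . '/',
        function (array $m) use ($replace): string { return $replace; }, $text);
}

$text   = 'Invoice: You owe me *#5* !';
$search = '*#5*';
$replacements = [
    '*$5*',          // $5: reference to a group that does not exist
    '${0}${0}',      // ${0}: would copy the matched text twice
    'C:\\1\\temp',   // \1: backslash-style reference
    'cost \\$5',     // literal backslash followed by a dollar sign
];

foreach ($replacements as $replace) {
    $want = str_replace($search, $replace, $text); // literal ground truth
    foreach (['replace_naive', 'replace_escaped', 'replace_callback'] as $fn) {
        $got = $fn($search, $replace, $text);
        printf("%-17s %-12s %s  %s\n", $fn, $replace,
               $got === $want ? 'literal ' : 'MANGLED ', $got);
    }
}
```
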
 [2016-08-20 13:02 UTC]
Automatic comment from SVN on behalf of cmb
Log: Fix #64516: preg_quote() doesn't work to escape the replacement
 [2016-08-20 13:02 UTC]
-Status: Verified
+Status: Closed
 [2020-02-07 06:06 UTC]
Automatic comment on behalf of cmb
Log: Fix #64516: preg_quote() doesn't work to escape the replacement
Last updated: Wed Dec 08 22:03:36 2021 UTC