php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #8986 preg_replace: "$dd" pattern in replacement string treated as a backreference
Submitted: 2001-01-29 13:00 UTC Modified: 2001-01-29 17:25 UTC
From: gwh at acm dot org Assigned:
Status: Closed Package: PCRE related
PHP Version: 4.0.4pl1 OS: linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: gwh at acm dot org
New email:
PHP Version: OS:

 

 [2001-01-29 13:00 UTC] gwh at acm dot org
In php_pcre.c line 630, the dollar sign '$' is also used as in indicator for a backreference, which is undocumented. This breaks any replacement string that contains the "$dd" pattern where "dd" are numerical digits. For example:

<?php
$test = "hello there";
$output = preg_replace("/hello/","$10.00",$test);
print $output;
?>

results in the output:

.00 there

The "$10" is taken as a back reference and resolves to NULL leaving the ".00". 

In my application, I need to merge user generated text that may contain dollar signs. I am using preg_replace and doing multiple keyword,value substitutions using arrays.

My only workaround right now is to perform a preliminary preg_replace and insert a space after each dollar sign.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-01-29 13:05 UTC] gwh at acm dot org
By the way, no variable replacement is taking place with the "$10.00". It fails if the script is:

<?php
$test = "hello there";
$output = preg_replace('/hello/','$10.00',$test);
print $output;
?>

as well. The input that I am passing to the function is posted form data. Which contains valid text up to this function call, afterwhich the replaced text exhibits the problem described above.

Thanks...
 [2001-01-29 17:25 UTC] andrei@php.net
This is documented in the online manual. Please use \\ in front of $ to escape it (latest CVS).
 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC