|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #8986 preg_replace: "$dd" pattern in replacement string treated as a backreference
Submitted: 2001-01-29 13:00 UTC Modified: 2001-01-29 17:25 UTC
From: gwh at acm dot org Assigned:
Status: Closed Package: PCRE related
PHP Version: 4.0.4pl1 OS: linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: gwh at acm dot org
New email:
PHP Version: OS:


 [2001-01-29 13:00 UTC] gwh at acm dot org
In php_pcre.c line 630, the dollar sign '$' is also used as in indicator for a backreference, which is undocumented. This breaks any replacement string that contains the "$dd" pattern where "dd" are numerical digits. For example:

$test = "hello there";
$output = preg_replace("/hello/","$10.00",$test);
print $output;

results in the output:

.00 there

The "$10" is taken as a back reference and resolves to NULL leaving the ".00". 

In my application, I need to merge user generated text that may contain dollar signs. I am using preg_replace and doing multiple keyword,value substitutions using arrays.

My only workaround right now is to perform a preliminary preg_replace and insert a space after each dollar sign.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-01-29 13:05 UTC] gwh at acm dot org
By the way, no variable replacement is taking place with the "$10.00". It fails if the script is:

$test = "hello there";
$output = preg_replace('/hello/','$10.00',$test);
print $output;

as well. The input that I am passing to the function is posted form data. Which contains valid text up to this function call, afterwhich the replaced text exhibits the problem described above.

 [2001-01-29 17:25 UTC]
This is documented in the online manual. Please use \\ in front of $ to escape it (latest CVS).
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sat Oct 23 09:03:33 2021 UTC