From:             mikea at gb-im dot com
Operating system: Linux Slackware 9.0
PHP version:      4.3.1
PHP Bug Type:     Variables related
Bug description:  PHP is not dealing properly with variable names ending in 'id'

Description:
------------
RE: bug 15052

We are having a similar problem with scripts that were working fine in
older versions of PHP (4.16, etc.) and now that we are on version 4.3.1,
any variable that I have that ends in the letters 'id' isn't being passed
properly from POST submissions to form handler scripts. NO CODE HAS
CHANGES IN THE SCRIPTS THEMSELVES, ONLY THE VERSION OF PHP HAS CHANGED.

For example:

A snipet from the form (I switched normal HTML brackets for square
brackets for readibility and posible security issues on this bug
tracker):

[form method="post" action="form_submit.php?ul=$ul&uid=$uid"]

COMMENT: the URL variables of UL and UID are pulled from values passed in
on th calling link and represent user level and user ID respectively. I
have no problem retrieving these values.

[select name="sid"]
[option value="NOTUSED"]NOTUSED[/option]
[option value=1]blah[/option]
[option value=2]rocco[/option]
[/select]

[/form]

COMMENT: When the form is submitted, I dynamically create an SQL string
based on which form fields are filled out. So, in the receiving script,
there is logic similar to this:

If ($sid != 'NOTUSED')
{

   $search_string = $search_string . " and sid = '$sid'";

}

When the script has finished looking at all of the submitted form values,
and you look at the finished SQL query string, it ends up looking like
this:

"select * from orders where stuff = 'stuff' and junk = 'junk' and sid =
'1sid1'";

I honestly have no idea what is going on, a the scripts themselves worked
fine under the older versions of PHP and now is doing this. It is a
strange error. We temporarily fixed it by exploding the $sid variable.
That allowed us to seperate out the first character and isolate it for use
throughout the script.

Any thoughts? 

Reproduce code:
---------------
<html>
<body>
<?PHP
$ul = 2;
$uid = 99999;
print "<form method=\"post\"
action=\"myform_process.php?ul=$ul&uid=$uid\">";
?>
<select name=sid>
<option>[not used]</option>
<option value=1>blah</option>
<option value=2>stuff</option>
</select>
<input type="submit" value="submit now!">
</form>
</body>
</html>

Expected result:
----------------
A printed statement (assuming I chose the option labeled 'blah'):

select * from orders where uid = '99999' and sid = '1'

Actual result:
--------------
This is the actual printed statement:

select * from orders where uid = '99999' and sid = '1sid=1'

(the form submit-to script looks like this:

<?PHP
print "select * from orders where uid = '$uid' and sid = '$sid'"; 
?>

)

Yes, that is all the script does is print out a statement in this example!

-- 
Edit bug report at http://bugs.php.net/?id=24651&edit=1
-- 
Try a CVS snapshot (php4):  http://bugs.php.net/fix.php?id=24651&r=trysnapshot4
Try a CVS snapshot (php5):  http://bugs.php.net/fix.php?id=24651&r=trysnapshot5
Fixed in CVS:               http://bugs.php.net/fix.php?id=24651&r=fixedcvs
Fixed in release:           http://bugs.php.net/fix.php?id=24651&r=alreadyfixed
Need backtrace:             http://bugs.php.net/fix.php?id=24651&r=needtrace
Try newer version:          http://bugs.php.net/fix.php?id=24651&r=oldversion
Not developer issue:        http://bugs.php.net/fix.php?id=24651&r=support
Expected behavior:          http://bugs.php.net/fix.php?id=24651&r=notwrong
Not enough info:            http://bugs.php.net/fix.php?id=24651&r=notenoughinfo
Submitted twice:            http://bugs.php.net/fix.php?id=24651&r=submittedtwice
register_globals:           http://bugs.php.net/fix.php?id=24651&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=24651&r=php3
Daylight Savings:           http://bugs.php.net/fix.php?id=24651&r=dst
IIS Stability:              http://bugs.php.net/fix.php?id=24651&r=isapi
Install GNU Sed:            http://bugs.php.net/fix.php?id=24651&r=gnused

Reply via email to