ID: 29165 User updated by: guardkarma-php at yahoo dot com Reported By: guardkarma-php at yahoo dot com -Status: Bogus +Status: Open -Bug Type: Output Control +Bug Type: Scripting Engine problem Operating System: Mac OS X PHP Version: 5.0.0 New Comment:
This problem also makes PHP 5 not 100% backward compatible. Previous Comments: ------------------------------------------------------------------------ [2004-07-15 22:31:31] itsbrady-php at yahoo dot com I don't think the bug is bogus, for several reasons: #1) Any valid form input should be able to map to PHP. Sometimes PHP isn't the only programming environment present. Sometimes PHP might have to interoperate with other environments which might have different variable naming conventions, etc. #2) The entire reason we chose to use apostrophes in our form variable names was to work around PHP's remapping from . to _ within variable names (e.g., foo.var => foo_var). We can't just remap back from underscore to period to "regenerate" the original variable name, because that might remap legitimate uses of the underscore (example, foo_something.var gets mapped to foo_something_var, and if you tried to map it back you'd get foo.something.var, which doesn't match). #3) It used to work fine in all previous versions of PHP we've used (throughout the PHP 4.x series). #4) We certainly do not want PHP to create Global variables like $foo'var - that would be nuts. We just want to access a perfectly valid key in a hash - $_REQUEST["foo'var"]. There's no language rule against any such key, and no real reason not to support variables so named on forms. ------------------------------------------------------------------------ [2004-07-15 11:40:16] [EMAIL PROTECTED] We don't support variable names with wierd characters, so the result is undefined. ------------------------------------------------------------------------ [2004-07-14 22:52:30] guardkarma-php at yahoo dot com Description: ------------ When upgrading from php 4.3 to 5.0 and using the same php.ini file, form variable names with apostrophe characters are now being escaped. magic_quotes_gpc = Off magic_quotes_runtime = Off magic_quotes_sybase = Off Reproduce code: --------------- // mydomain.com/script.php?variable'name=value <? print_r($_REQUEST); ?> Expected result: ---------------- Array ( [variable'name] => value ) Actual result: -------------- Array ( [variable\'name] => value ) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=29165&edit=1
