ID: 33067 User updated by: admin at ninthcircuit dot info Reported By: admin at ninthcircuit dot info Status: Bogus Bug Type: Output Control Operating System: Linux PHP Version: 4.3.11 New Comment:
My mistake for not mentioning this other detail: Rasmus: That setting is all good and well if you're running with administrator privileges on the machine/s... but what alternatives are available in PHP if you're not? I'm using PHP with a commercial web host who, more than likely, is not going to toggle this option for me (other user's accounts may in fact depend on this feature). Previous Comments: ------------------------------------------------------------------------ [2005-05-19 18:08:22] [EMAIL PROTECTED] That's an RTFM - turn off magic_quotes_gpc if you don't want it to do this for you. ------------------------------------------------------------------------ [2005-05-19 16:59:51] admin at ninthcircuit dot info Description: ------------ Basically I'm wondering why PHP adds an escape character when a "\" is submitted in a form (register globals is off). My apologies in advance if this bug has already been reported or declared "bogus" in some other URL. I didn't find any similar bug like when I did the advanced search, so I thought I'd submit it. Reproduce code: --------------- <?php /* The below code is a form that will submit * the field information to itself. * To see the problem, simply type in "te\st" * (without quotes) in the text field. * * Once PHP has finished parsing the script * and displays the input back to the user, * it shows up as "te\\st" instead of what * was expected: "te\st". Consequently, if I * resubmit it unmodified, it will appear * as "te\\\\st". * * PHP continues to escape the $_POST'ed string, * when clearly it really shouldn't. */ print "<form action=".$_SERVER['PHP_SELF']." method=post> <input type=text name=test value=\"".$_POST['test']."\"> <input type=submit name=submit value=Result>"; Expected result: ---------------- I expect to see the result of the inputted data to be returned "as-is" -- that is, I expect the data to have the same appearance as when I sent it. Actual result: -------------- As previously mentioned, PHP returns a semi-anticipated result, with all backslash characters escaped. This produces an undesirable "recursive" effect, nearly doubling the number of escapes each time the form is submitted to itself. This could be the result of the version of PHP I'm currently working with, however. If it is, what kind of workaround can I get for this problem? ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=33067&edit=1