ID: 8795
Updated by: cynic
Old-Status: Open
Status: Closed
Bug Type: Scripting Engine problem
Assigned To: 

you must turn magic_quotes_gpc off if you don't want PHP to addslashes() your GPC 
if this is not the case, reopen the bug report.

Previous Comments:

[2001-01-18 22:37:16] [EMAIL PROTECTED]
When using the <form action="post"...>-tag, the posted result is unexpectedly changed 
so that single quotes ('), double quotes (") and backslash () is recieved in 
backslash-escaped form (', ", and \).

The unexpected results have been reproduced with PHP4 v4.0.2, v4.0.3pl1 and v4.0.4pl1 
on Windows 2000 (downloaded binary from, and with PHP v4.0.3pl1 on SunOS 
SunOS v5.6 (amongst others). The tested browsers are MS Internet Explorer 5.00, 
IE5.5sp1, Netscape v6.?? and Opera v5.??.

However, php3 produces the EXPECTED, un-escaped result!!!
This is tested with PHP v3.0.16 on SunOS v5.6 and PHP v3.0.11 on Linux v2.0.30.

You can experience both the expected and unexpected behavior yourself with a tiny 
testscript I've written to trace the problem: (PHP4)
and (PHP3)

The source is visible at

The script sends the result to itself and shows it.
You will notice that everything is passed on unmodified in the php3-version, whereas 
the mentioned characters are escaped each time they are sent through the php4-version 
(doubling the number of backslashes every time!)

phpinfo is available at (php4)
and (php3).

If this is a documented feature and not a bug as I expect I would really apreciate 
being pointed to documentation of the "feature" and better yet, how to work around the 
"feature"! ;)

Thanks in advance! :)
Mogens M. Christensen


Full Bug description available at:

PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to