Chew on this...

develo...@mypse:~$ cat ./md5test.php
$password = '12345678';
echo md5(strtoupper($password));
echo "\n";
echo md5(strtoupper('12345678'));
echo "\n";

$password = '$12345678';
echo md5(strtoupper($password));
echo "\n";
echo md5(strtoupper('$12345678'));
echo "\n";

develo...@mypse:~$ ./md5test.php

develo...@mypse:~$ php -r "echo md5(strtoupper('12345678'));"

develo...@mypse:~$ php -a
Interactive shell
php > echo md5(strtoupper('$12345678'));

develo...@mypse:~$ php -r "echo md5(strtoupper('$12345678'));"

Why is the "-r" command line version different?

man php:

       Using parameter -r you can directly execute  PHP  code  simply  as
       would do inside a .php file when using the eval() function.

develo...@mypse:~$ php -v
PHP 5.2.4-2ubuntu5.10 with Suhosin-Patch (cli) (built: Jan  6 2010
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies

Then I tried it again on two different servers with the same result:

PHP 5.2.6-2ubuntu4.6 with Suhosin-Patch (cli) (built: Jan  6 2010
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies

PHP 5.3.2-1ubuntu4.2 with Suhosin-Patch (cli) (built: May 13 2010 20:01:00)

Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies

So now it get's more interesting...

A co-worker suggested to reverse the quotes:

develo...@mypse:~$ php -r 'echo md5(strtoupper("$12345678"));'

Note the use of the single and double quotes are reversed. This gives me
the RIGHT checksum.

To me this version is syntactically wrong because the " would indicate in
normal PHP to pre-parse the literal $12345678 and treat $1 as some kind of
variable or something. Whereas a ' says use the literal AS IS.

Not to mention that it is completely confusing that -r gives different
results than -a and using it in a .php file all together. 

IF quotes are a factor (as they seem to be), then the -r PHP
behind-the-scenes code should flip them around or something so the
developer doesn't have to be concerned with this edge case nonsense. 

Sanity would dictate that all ways of executing the SAME PHP code would
give the SAME results.


PHP General Mailing List (
To unsubscribe, visit:

Reply via email to