[PHP-DEV] Looking for comments whether this is a bug or not
I am not sure if this is a bug, but I have came across two test cases
where the behavior is not as expected so I thought I would ask.
The problem I am having seems to be with addslashes not properly
escaping this type of string C:\test\foo.exe. Here is the scenario:
$email-body = This is a test email. Testing c:\test\foo.exe;
When the $email object is later broke down and stored in the database
addslashes is done (as it should be) before the variable is stored.
If you check the database though, no slashes were added to the string.
The only way I can seem to get it to work as I thought it should, is to
do the following:
addslashes(str_replace(\\, , $body))
Then when you check the database you see the proper This is a test
email. Testing c:\\test\\foo.exe.
The other example I have is with an object which looks similar to:
class login_handler
{
var last_ticket_subject;
// ... (code truncated)
}
If I set the class's last_ticket_subject to This is a test
c:\test\foo.com later in the code, then do the following:
addslashes(serialize($login_handler))
and check the database, once again it didn't add any slashes. The only
way I can get it to add the slashes as I think it should, is to do the
following:
addslashes(str_replace(\\, , serialize($login_handler)))
I am doing something wrong (or did I misunderstand something) or is this
in fact a bug? I have tested it on PHP 4.2, 4.3.2, and 4.3.3 and the
behavior is exactly the same. If it isn't a bug, can someone clarify for
me why addslashes would be designed this way?
Jeremy Johnstone
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Looking for comments whether this is a bug or not
Your string assignments look wrong. For example, \t is a tab
character. Try your test cases with 'This is a test email. Testing
c:\test\foo.exe'; that should give you a proper string.
Ken
Jeremy Johnstone wrote:
I am not sure if this is a bug, but I have came across two test cases
where the behavior is not as expected so I thought I would ask.
The problem I am having seems to be with addslashes not properly
escaping this type of string C:\test\foo.exe. Here is the scenario:
$email-body = This is a test email. Testing c:\test\foo.exe;
When the $email object is later broke down and stored in the database
addslashes is done (as it should be) before the variable is stored.
If you check the database though, no slashes were added to the string.
The only way I can seem to get it to work as I thought it should, is to
do the following:
addslashes(str_replace(\\, , $body))
Then when you check the database you see the proper This is a test
email. Testing c:\\test\\foo.exe.
The other example I have is with an object which looks similar to:
class login_handler
{
var last_ticket_subject;
// ... (code truncated)
}
If I set the class's last_ticket_subject to This is a test
c:\test\foo.com later in the code, then do the following:
addslashes(serialize($login_handler))
and check the database, once again it didn't add any slashes. The only
way I can get it to add the slashes as I think it should, is to do the
following:
addslashes(str_replace(\\, , serialize($login_handler)))
I am doing something wrong (or did I misunderstand something) or is this
in fact a bug? I have tested it on PHP 4.2, 4.3.2, and 4.3.3 and the
behavior is exactly the same. If it isn't a bug, can someone clarify for
me why addslashes would be designed this way?
Jeremy Johnstone
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Looking for comments whether this is a bug or not
The actual value of those variables are pulled in from other sources,
they are not actually hard coded like I showed below. It was simply for
illustration purposes.
Jeremy
On Sat, 2003-08-30 at 15:56, Ken Tossell wrote:
Your string assignments look wrong. For example, \t is a tab
character. Try your test cases with 'This is a test email. Testing
c:\test\foo.exe'; that should give you a proper string.
Ken
Jeremy Johnstone wrote:
I am not sure if this is a bug, but I have came across two test cases
where the behavior is not as expected so I thought I would ask.
The problem I am having seems to be with addslashes not properly
escaping this type of string C:\test\foo.exe. Here is the scenario:
$email-body = This is a test email. Testing c:\test\foo.exe;
When the $email object is later broke down and stored in the database
addslashes is done (as it should be) before the variable is stored.
If you check the database though, no slashes were added to the string.
The only way I can seem to get it to work as I thought it should, is to
do the following:
addslashes(str_replace(\\, , $body))
Then when you check the database you see the proper This is a test
email. Testing c:\\test\\foo.exe.
The other example I have is with an object which looks similar to:
class login_handler
{
var last_ticket_subject;
// ... (code truncated)
}
If I set the class's last_ticket_subject to This is a test
c:\test\foo.com later in the code, then do the following:
addslashes(serialize($login_handler))
and check the database, once again it didn't add any slashes. The only
way I can get it to add the slashes as I think it should, is to do the
following:
addslashes(str_replace(\\, , serialize($login_handler)))
I am doing something wrong (or did I misunderstand something) or is this
in fact a bug? I have tested it on PHP 4.2, 4.3.2, and 4.3.3 and the
behavior is exactly the same. If it isn't a bug, can someone clarify for
me why addslashes would be designed this way?
Jeremy Johnstone
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Looking for comments whether this is a bug or not
* Thus wrote Jeremy Johnstone ([EMAIL PROTECTED]): $email-body = This is a test email. Testing c:\test\foo.exe; When the $email object is later broke down and stored in the database addslashes is done (as it should be) before the variable is stored. If you check the database though, no slashes were added to the string. addslashes() is working properly. What you're experiencing is the database servers' translation of '\\' - '\'. The documentation on addslashes explains this: http://php.net/addslashes I am doing something wrong (or did I misunderstand something) or is this in fact a bug? I have tested it on PHP 4.2, 4.3.2, and 4.3.3 and the btw, you should post these questions to the php-general list, especially when you are in doubt if you're using the function properly. Curt -- I used to think I was indecisive, but now I'm not so sure. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Looking for comments whether this is a bug or not
* Thus wrote Jeremy Johnstone ([EMAIL PROTECTED]):
On Sun, 2003-08-31 at 10:11, Curt Zirzow wrote:
* Thus wrote Jeremy Johnstone ([EMAIL PROTECTED]):
You might want to check the documentation again as it does not say
anything about the db server translating \\ into \. This seems highly
illogical, because if thats the case then addslashes(This is Jeremy's
test of c:\test\foo.exe) would get corrupted when you strippedslashes
after you pulled it back out of the database. If this is the case, which
database servers translate this way? I will then make sure I go update
the documentation accordingly.
I suppose it doesn't say that directly but it does explain what
characters need to be quoted with the '\'.
quote http://php.net/addslashes
Returns a string with backslashes before characters that need to be
quoted in database queries etc. These characters are single quote
('), double quote (), backslash (\) and NUL (the NULL byte).
/quote
When to use stripslashes() and addslashes() depends on the
php.ini setting 'magic_quotes_gpc', as noted in both of the
functions documentation.
btw, you should post these questions to the php-general list,
especially when you are in doubt if you're using the function
properly.
Actually I was quite sure I was using the function correctly, I said
that in case I misunderstood something in the documentation and thus
needed to update the documentation accordingly.
I was letting you know that in future posts, questions regarding
proper use of functions or finding bugs should be posted to the
php-general list.
Curt
--
I used to think I was indecisive, but now I'm not so sure.
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
