ID: 15711
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
-Status: Closed
+Status: Bogus
Bug Type: Unknown/Other Function
Operating System: Linux
PHP Version: 4.0.6
New Comment:
For the stats: both addslashes and stripslashes behave as expected.
This is your problem:
echo "' \' \\' \\\'";
is evaluated by PHP and becomes ' \' \' \\' which is expected behaviour
as \\ means \.
Previous Comments:
------------------------------------------------------------------------
[2002-02-26 05:37:10] [EMAIL PROTECTED]
I checked the code and the output/input for cgi and module versions and
the actual problem I am running into does not seem to be in the
addslashes routine, so I am closing this bug report. Apologies to
anyone that took the time to read this.
------------------------------------------------------------------------
[2002-02-25 07:01:09] [EMAIL PROTECTED]
I've added verbose reports in case this report is influences by
addslashes as well.
the following simple test:
<?php
echo addslashes("' \' \\' \\\'\n");
echo stripslashes(addslashes("' \' \\' \\\'\n"));
?>
(i.e.: quote, slash quote, double slash quote, triple slash quote) is
expected to yield (escape each slash and each quote):
\' \\\' \\\\\' \\\\\\\'
' \' \\' \\\'
(ie addslashes should yield slash quote, triple slash quote, five times
slash quote, seven times slash quote, stripslashes should yield quote,
slash quote, double slash quote, triple slash quote).
Instead, addslashes does not appear to quote properly and this is what
I get:
\' \\\' \\\' \\\\\'
' \' \' \\'
(addslashes: slash quote, triple slash quote, triple slash quote, five
times slash quote. stripslashes on this output: quote, slash quote,
slash quote, double slash quote).
Obviously, this makes addslashes kind-of useless if you get escaped
input. Yes, my database queries will not fail and that would be the
primary use of addslashes.
It appears that the escaped quote of the second and third combination
(double slash quote and triple slash quote) is not translated to the
expected triple slash quote (i.e. an escaped slash plus an escaped
quote).
Here's the configure line if it is of any use:
'./configure' '--with-apache=../apache' '--with-mysql=/usr'
'--with-openssl' '--with-zlib' '--enable-debug=no'
'--enable-safe-mode=no' '--enable-discard-path=no' '--with-gd'
'--with-ttf' '--enable-gd-imgstrttf' '--enable-gd-native-ttf'
'--with-png-dir=/usr/lib' '--with-jpeg-dir=/usr/lib'
'--enable-magic-quotes' '--enable-ftp' '--enable-memory-limit'
and I disabled magic_quotes_gpc in a local .htaccess
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=15711&edit=1
