ID: 20310 Comment by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Won\'t fix Bug Type: Variables related Operating System: SunOS PHP Version: 4.2.2 New Comment:
Just because print_r is a debuggung tool, it shold not introduce additional bugs into the HTML code! But as it is, it will - insert a HTML tag whenever it should report a less-than csign, - insert a HTML entity whenever it should report an ampersand sign, - spoil the whole HTML syntax, whenever it simply should report a double-quote sign. This renders print_r rather a dangerous (if not to say: unusable) tool. Please revert the status of Bug #20310 to open, or perhaps to feature-request. Previous Comments: ------------------------------------------------------------------------ [2002-11-08 08:16:28] [EMAIL PROTECTED] print_r is just a debugging tool, I see no reason to have htmlspecialchars applied to it. Also, you can do this yourself quite easily by using output buffers if you _really_ need this. Derick ------------------------------------------------------------------------ [2002-11-08 08:01:37] [EMAIL PROTECTED] print_r writes directly to php://output, hence its output should comply with HTML syntax rules. However, print_r will issue non-compliant code, or generate spurious entities, whenever a variable contains an HTML special character. Hence, print_r should apply htmlspecialchars to all strings it is going to write to php://output. Try the demo at <http://www.rz.uni-konstanz.de/Antivirus/tests/print_r.php> with Netscape 6, or Opera 6, as IE 6 will not reveal all the surprises I've hidden therein ;-) The pertinent PHP source can be seen at <http://www.rz.uni-konstanz.de/Antivirus/tests/print_r.txt>. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=20310&edit=1