ID:               33904
 Updated by:       [EMAIL PROTECTED]
 Reported By:      php at kanariepiet dot com
 Status:           Open
 Bug Type:         Scripting Engine problem
 Operating System: Linux 2.4.31 and Mac OS X 10.4.2
 PHP Version:      5.0.4
 New Comment:

See also bug #29165.


Previous Comments:
------------------------------------------------------------------------

[2005-07-28 17:04:23] php at kanariepiet dot com

php5-200507281430 gives the same results as php-5.0.4:

<?php
        print_r ($_POST);
?>
<form method="post">
<input type="text" name="foo'bar" value="bar'foo">
</form>

returns

Array (
  [foo\'bar] => bar'foo
)

------------------------------------------------------------------------

[2005-07-28 16:34:20] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip



------------------------------------------------------------------------

[2005-07-28 16:30:33] php at kanariepiet dot com

phpinfo() show that magic quotes are turned off.
As stated above, value parts are left alone. The following 
code returns Array ( [test] => foo'bar ) as expected, so the 
settings are ok.

<?php print_r ($_POST); ?>
<form method="post">
<input type="text" name="test" value="foo'bar">
</form>

------------------------------------------------------------------------

[2005-07-28 16:26:57] php at kanariepiet dot com

To be more precies:

The quotes in the value parts of the $_POST array are left 
alone (good), but the quotes in the key parts of the $_POST 
array are preceeded with slashes (wrong).

------------------------------------------------------------------------

[2005-07-28 15:36:24] php at kanariepiet dot com

Description:
------------
With magic_quotes_gpc turned off, PHP shouldn't add quotes to 
posted variables. This is true for normal variables like 
<input type="text" name="test" value="foo'bar">.
However, when posting associative arrays like <input 
type="text" name="test[foo'bar]" value="dummy"> PHP 5.0.4 adds 
a quote before the '.

PHP 4.3.4 does not have this bug.

Reproduce code:
---------------
<?php print_r ($_POST); ?>
<form method="post">
<input type="text" name="foo'bar" value="dummy">
<input type="submit">
</form>

Expected result:
----------------
With magic_quotes_gpc turned off, it should say (and PHP 4.3.4 
does):
Array
(
   [foo'bar] => dummy
)

Actual result:
--------------
However, with PHP 5.0.4 it says:
Array
(
   [foo\'bar] => dummy
)


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=33904&edit=1

Reply via email to