#44956 [Com]: stripslashes() removes slashes not added by addslashes()
ID: 44956 Comment by: c dot onogol at gmail dot com Reported By: webmaster at drk dot com dot ar Status: Open Bug Type: Scripting Engine problem Operating System: Linux PHP Version: 5.2.6 New Comment: I realized my previous comment needs some clarification. The function does work when you do: assert($a == stripslashes(addslashes($a))) This function breaks strings when not used in conjunction with addslashes(). By simply skipping single backslashes you can make this function safe to use in all cases. Wouldn't it be an enhancement if you made it so single slashes are simply skipped, since most likely they have not been used with addslashes()? Previous Comments: [2008-05-09 15:56:30] c dot onogol at gmail dot com I agree. The documentation makes you think it's the exact opposite of addslashes(), both in the function description and its return values (which happen to be explicitly listed, and there's no mention of removing single slashes that are not escaping anything). There's no string that produces "this \ that" after a call to addslashes(). addslashes("this that") would never output "this \ that"... The doc says clearly "Un-quotes a quoted string", it's clear its purpose is to run it on strings to be inserted in a DB, why would it remove single slashes? [2008-05-09 15:43:35] webmaster at drk dot com dot ar Description: stripslashes() removes slashes not added by addslashes() I expect a function to do what is described in the first line of its documentation. As published in this site "un-quotes strings quoted with addslashes()" It is water clear this functions isn't working as expected. As it shouldn't remove any slash that addslashes() wouldn't add. In example, a slash before a space won't be added by addslashes() and mustn't be removed by stripslashes() You can refuse to correct the code. In that case, which I consider most useless, you ought to correct the documentation. I ask myself won't be useful a function which undoes what addslashes() does? Reproduce code: --- Expected result: "the first \ should stay. it's the "right" case" Actual result: -- "the first should stay. it's the "right" case" -- Edit this bug report at http://bugs.php.net/?id=44956&edit=1
#44956 [Com]: stripslashes() removes slashes not added by addslashes()
ID: 44956 Comment by: c dot onogol at gmail dot com Reported By: webmaster at drk dot com dot ar Status: Open Bug Type: Scripting Engine problem Operating System: Linux PHP Version: 5.2.6 New Comment: I agree. The documentation makes you think it's the exact opposite of addslashes(), both in the function description and its return values (which happen to be explicitly listed, and there's no mention of removing single slashes that are not escaping anything). There's no string that produces "this \ that" after a call to addslashes(). addslashes("this that") would never output "this \ that"... The doc says clearly "Un-quotes a quoted string", it's clear its purpose is to run it on strings to be inserted in a DB, why would it remove single slashes? Previous Comments: [2008-05-09 15:43:35] webmaster at drk dot com dot ar Description: stripslashes() removes slashes not added by addslashes() I expect a function to do what is described in the first line of its documentation. As published in this site "un-quotes strings quoted with addslashes()" It is water clear this functions isn't working as expected. As it shouldn't remove any slash that addslashes() wouldn't add. In example, a slash before a space won't be added by addslashes() and mustn't be removed by stripslashes() You can refuse to correct the code. In that case, which I consider most useless, you ought to correct the documentation. I ask myself won't be useful a function which undoes what addslashes() does? Reproduce code: --- Expected result: "the first \ should stay. it's the "right" case" Actual result: -- "the first should stay. it's the "right" case" -- Edit this bug report at http://bugs.php.net/?id=44956&edit=1
#44876 [WFx]: stripslashes() removes backslashes in wrong cases
ID: 44876 User updated by: c dot onogol at gmail dot com Reported By: c dot onogol at gmail dot com Status: Wont fix Bug Type: Scripting Engine problem Operating System: Windows NT PHP Version: 5.2.5 New Comment: According to the documentation, stripslashes() un-quotes strings quoted with addslashes(). The slash in the example would have never been added by addslashes() and is not escaping any quotes or backslashes. If this is the expected behavior, then one could say the documentation is inaccurate and misleading. Under return values it even says: "Returns a string with backslashes stripped off. (\' becomes ' and so on.) Double backslashes (\\) are made into a single backslash (\)." I think the expected behavior one gets from the documentation differs from the actual behavior of the function. Something along the lines of "strips all backslashes" would be more accurate if the expected behavior is the one you describe Thanks Previous Comments: [2008-05-02 20:32:42] [EMAIL PROTECTED] This is expected behaviour and has always been this way. -------- [2008-04-30 21:16:17] c dot onogol at gmail dot com Description: stripslashes is supposed to remove backslashes added by addslashes(): from the doc: stripslashes Un-quote string quoted with addslashes() addslashes Quote string with slashes stripslashes return values from the documentation: Returns a string with backslashes stripped off. (\' becomes ' and so on.) Double backslashes (\\) are made into a single backslash (\). The problem is that it removes single backslashes that are not escaping any quotes/slashes. For example, "this one \ that one" should stay the same after running stripslashes(), but it actually is stripping the backslash, so the end result of stripslashes("this one \ that one") is "this one that one". the backslash in "this one \ that one" is part of the original text and is not a backslash addslashes() would add. Reproduce code: --- Expected result: string(37) "this one \ should stay. it's a "test"" Actual result: -- string(36) "this one should stay. it's a "test"" -- Edit this bug report at http://bugs.php.net/?id=44876&edit=1
#44876 [NEW]: stripslashes() removes backslashes in wrong cases
From: c dot onogol at gmail dot com Operating system: Windows NT PHP version: 5.2.5 PHP Bug Type: Scripting Engine problem Bug description: stripslashes() removes backslashes in wrong cases Description: stripslashes is supposed to remove backslashes added by addslashes(): from the doc: stripslashes Un-quote string quoted with addslashes() addslashes Quote string with slashes stripslashes return values from the documentation: Returns a string with backslashes stripped off. (\' becomes ' and so on.) Double backslashes (\\) are made into a single backslash (\). The problem is that it removes single backslashes that are not escaping any quotes/slashes. For example, "this one \ that one" should stay the same after running stripslashes(), but it actually is stripping the backslash, so the end result of stripslashes("this one \ that one") is "this one that one". the backslash in "this one \ that one" is part of the original text and is not a backslash addslashes() would add. Reproduce code: --- Expected result: string(37) "this one \ should stay. it's a "test"" Actual result: -- string(36) "this one should stay. it's a "test"" -- Edit bug report at http://bugs.php.net/?id=44876&edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=44876&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=44876&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=44876&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=44876&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=44876&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=44876&r=needtrace Need Reproduce Script:http://bugs.php.net/fix.php?id=44876&r=needscript Try newer version:http://bugs.php.net/fix.php?id=44876&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=44876&r=support Expected behavior:http://bugs.php.net/fix.php?id=44876&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=44876&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=44876&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=44876&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=44876&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=44876&r=dst IIS Stability:http://bugs.php.net/fix.php?id=44876&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=44876&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=44876&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=44876&r=nozend MySQL Configuration Error:http://bugs.php.net/fix.php?id=44876&r=mysqlcfg