#44956 [Com]: stripslashes() removes slashes not added by addslashes()
ID: 44956
Comment by: c dot onogol at gmail dot com
Reported By: webmaster at drk dot com dot ar
Status: Open
Bug Type: Scripting Engine problem
Operating System: Linux
PHP Version: 5.2.6
New Comment:
I realized my previous comment needs some clarification.
The function does work when you do:
assert($a == stripslashes(addslashes($a)))
This function breaks strings when not used in conjunction with
addslashes(). By simply skipping single backslashes you can make this
function safe to use in all cases.
Wouldn't it be an enhancement if you made it so single slashes are
simply skipped, since most likely they have not been used with
addslashes()?
Previous Comments:
[2008-05-09 15:56:30] c dot onogol at gmail dot com
I agree.
The documentation makes you think it's the exact opposite of
addslashes(), both in the function description and its return values
(which happen to be explicitly listed, and there's no mention of
removing single slashes that are not escaping anything).
There's no string that produces "this \ that" after a call to
addslashes().
addslashes("this that") would never output "this \ that"...
The doc says clearly "Un-quotes a quoted string", it's clear its
purpose is to run it on strings to be inserted in a DB, why would it
remove single slashes?
[2008-05-09 15:43:35] webmaster at drk dot com dot ar
Description:
stripslashes() removes slashes not added by addslashes()
I expect a function to do what is described in the first line of its
documentation. As published in this site "un-quotes strings quoted with
addslashes()"
It is water clear this functions isn't working as expected. As it
shouldn't remove any slash that addslashes() wouldn't add. In example, a
slash before a space won't be added by addslashes() and mustn't be
removed by stripslashes()
You can refuse to correct the code. In that case, which I consider most
useless, you ought to correct the documentation.
I ask myself won't be useful a function which undoes what addslashes()
does?
Reproduce code:
---
Expected result:
"the first \ should stay. it's the "right" case"
Actual result:
--
"the first should stay. it's the "right" case"
--
Edit this bug report at http://bugs.php.net/?id=44956&edit=1
#44956 [Com]: stripslashes() removes slashes not added by addslashes()
ID: 44956
Comment by: c dot onogol at gmail dot com
Reported By: webmaster at drk dot com dot ar
Status: Open
Bug Type: Scripting Engine problem
Operating System: Linux
PHP Version: 5.2.6
New Comment:
I agree.
The documentation makes you think it's the exact opposite of
addslashes(), both in the function description and its return values
(which happen to be explicitly listed, and there's no mention of
removing single slashes that are not escaping anything).
There's no string that produces "this \ that" after a call to
addslashes().
addslashes("this that") would never output "this \ that"...
The doc says clearly "Un-quotes a quoted string", it's clear its
purpose is to run it on strings to be inserted in a DB, why would it
remove single slashes?
Previous Comments:
[2008-05-09 15:43:35] webmaster at drk dot com dot ar
Description:
stripslashes() removes slashes not added by addslashes()
I expect a function to do what is described in the first line of its
documentation. As published in this site "un-quotes strings quoted with
addslashes()"
It is water clear this functions isn't working as expected. As it
shouldn't remove any slash that addslashes() wouldn't add. In example, a
slash before a space won't be added by addslashes() and mustn't be
removed by stripslashes()
You can refuse to correct the code. In that case, which I consider most
useless, you ought to correct the documentation.
I ask myself won't be useful a function which undoes what addslashes()
does?
Reproduce code:
---
Expected result:
"the first \ should stay. it's the "right" case"
Actual result:
--
"the first should stay. it's the "right" case"
--
Edit this bug report at http://bugs.php.net/?id=44956&edit=1
#44876 [WFx]: stripslashes() removes backslashes in wrong cases
ID: 44876
User updated by: c dot onogol at gmail dot com
Reported By: c dot onogol at gmail dot com
Status: Wont fix
Bug Type: Scripting Engine problem
Operating System: Windows NT
PHP Version: 5.2.5
New Comment:
According to the documentation, stripslashes() un-quotes strings quoted
with addslashes().
The slash in the example would have never been added by addslashes()
and is not escaping any quotes or backslashes.
If this is the expected behavior, then one could say the documentation
is inaccurate and misleading.
Under return values it even says:
"Returns a string with backslashes stripped off. (\' becomes ' and so
on.) Double backslashes (\\) are made into a single backslash (\)."
I think the expected behavior one gets from the documentation differs
from the actual behavior of the function. Something along the lines of
"strips all backslashes" would be more accurate if the expected behavior
is the one you describe
Thanks
Previous Comments:
[2008-05-02 20:32:42] [EMAIL PROTECTED]
This is expected behaviour and has always been this way.
--------
[2008-04-30 21:16:17] c dot onogol at gmail dot com
Description:
stripslashes is supposed to remove backslashes added by addslashes():
from the doc:
stripslashes Un-quote string quoted with addslashes()
addslashes Quote string with slashes
stripslashes return values from the documentation:
Returns a string with backslashes stripped off. (\' becomes ' and so
on.) Double backslashes (\\) are made into a single backslash (\).
The problem is that it removes single backslashes that are not escaping
any quotes/slashes.
For example, "this one \ that one" should stay the same after running
stripslashes(), but it actually is stripping the backslash, so the end
result of stripslashes("this one \ that one") is "this one that one".
the backslash in "this one \ that one" is part of the original text and
is not a backslash addslashes() would add.
Reproduce code:
---
Expected result:
string(37) "this one \ should stay. it's a "test""
Actual result:
--
string(36) "this one should stay. it's a "test""
--
Edit this bug report at http://bugs.php.net/?id=44876&edit=1
#44876 [NEW]: stripslashes() removes backslashes in wrong cases
From: c dot onogol at gmail dot com
Operating system: Windows NT
PHP version: 5.2.5
PHP Bug Type: Scripting Engine problem
Bug description: stripslashes() removes backslashes in wrong cases
Description:
stripslashes is supposed to remove backslashes added by addslashes():
from the doc:
stripslashes Un-quote string quoted with addslashes()
addslashes Quote string with slashes
stripslashes return values from the documentation:
Returns a string with backslashes stripped off. (\' becomes ' and so on.)
Double backslashes (\\) are made into a single backslash (\).
The problem is that it removes single backslashes that are not escaping
any quotes/slashes.
For example, "this one \ that one" should stay the same after running
stripslashes(), but it actually is stripping the backslash, so the end
result of stripslashes("this one \ that one") is "this one that one".
the backslash in "this one \ that one" is part of the original text and is
not a backslash addslashes() would add.
Reproduce code:
---
Expected result:
string(37) "this one \ should stay. it's a "test""
Actual result:
--
string(36) "this one should stay. it's a "test""
--
Edit bug report at http://bugs.php.net/?id=44876&edit=1
--
Try a CVS snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=44876&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=44876&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=44876&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=44876&r=fixedcvs
Fixed in release:
http://bugs.php.net/fix.php?id=44876&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=44876&r=needtrace
Need Reproduce Script:http://bugs.php.net/fix.php?id=44876&r=needscript
Try newer version:http://bugs.php.net/fix.php?id=44876&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=44876&r=support
Expected behavior:http://bugs.php.net/fix.php?id=44876&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=44876&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=44876&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=44876&r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=44876&r=php4
Daylight Savings: http://bugs.php.net/fix.php?id=44876&r=dst
IIS Stability:http://bugs.php.net/fix.php?id=44876&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=44876&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=44876&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=44876&r=nozend
MySQL Configuration Error:http://bugs.php.net/fix.php?id=44876&r=mysqlcfg
