Ken
Jeremy Johnstone wrote:
I am not sure if this is a bug, but I have came across two test cases where the behavior is not as expected so I thought I would ask.
The problem I am having seems to be with addslashes not properly escaping this type of string "C:\test\foo.exe". Here is the scenario:
$email->body = "This is a test email. Testing c:\test\foo.exe";
When the $email object is later broke down and stored in the database
addslashes is done (as it should be) before the variable is stored.
If you check the database though, no slashes were added to the string. The only way I can seem to get it to work as I thought it should, is to do the following:
addslashes(str_replace("\\", "\\\\", $body))
Then when you check the database you see the proper "This is a test
email. Testing c:\\test\\foo.exe".
The other example I have is with an object which looks similar to:
class login_handler {
var last_ticket_subject;
// ... (code truncated)
}
If I set the class's last_ticket_subject to "This is a test c:\test\foo.com" later in the code, then do the following:
addslashes(serialize($login_handler))
and check the database, once again it didn't add any slashes. The only way I can get it to add the slashes as I think it should, is to do the following:
addslashes(str_replace("\\", "\\\\", serialize($login_handler)))
I am doing something wrong (or did I misunderstand something) or is this in fact a bug? I have tested it on PHP 4.2, 4.3.2, and 4.3.3 and the behavior is exactly the same. If it isn't a bug, can someone clarify for me why addslashes would be designed this way?
Jeremy Johnstone
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
