Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:4304
Return-Path: <jsjohnst@altdns.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 11991 invoked by uid 1010); 31 Aug 2003 04:00:15 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 11946 invoked from network); 31 Aug 2003 04:00:15 -0000
Received: from unknown (HELO mail.rocketservers.net) (64.246.52.103)
  by pb1.pair.com with SMTP; 31 Aug 2003 04:00:15 -0000
Received: (qmail 20448 invoked from network); 31 Aug 2003 04:01:38 -0000
Received: from unknown (HELO localhost) (127.0.0.1)
  by localhost with SMTP; 31 Aug 2003 04:01:38 -0000
To: internals@lists.php.net
Content-Type: text/plain
Message-ID: <1062302408.2724.33.camel@localhost>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.0 
Date: 30 Aug 2003 23:00:09 -0500
Content-Transfer-Encoding: 7bit
Subject: Looking for comments whether this is a bug or not
From: jsjohnst@altdns.net (Jeremy Johnstone)

I am not sure if this is a bug, but I have came across two test cases
where the behavior is not as expected so I thought I would ask.

The problem I am having seems to be with addslashes not properly
escaping this type of string "C:\test\foo.exe". Here is the scenario:

$email->body = "This is a test email. Testing c:\test\foo.exe";

When the $email object is later broke down and stored in the database
addslashes is done (as it should be) before the variable is stored. 

If you check the database though, no slashes were added to the string.
The only way I can seem to get it to work as I thought it should, is to
do the following:

addslashes(str_replace("\\", "\\\\", $body))

Then when you check the database you see the proper "This is a test
email. Testing c:\\test\\foo.exe". 

The other example I have is with an object which looks similar to:

class login_handler 
{

	var last_ticket_subject;

        // ... (code truncated)

}

If I set the class's last_ticket_subject to "This is a test
c:\test\foo.com" later in the code, then do the following:

addslashes(serialize($login_handler))

and check the database, once again it didn't add any slashes. The only
way I can get it to add the slashes as I think it should, is to do the
following:

addslashes(str_replace("\\", "\\\\", serialize($login_handler)))

I am doing something wrong (or did I misunderstand something) or is this
in fact a bug? I have tested it on PHP 4.2, 4.3.2, and 4.3.3 and the
behavior is exactly the same. If it isn't a bug, can someone clarify for
me why addslashes would be designed this way?

Jeremy Johnstone