Get PHP to Stop Replacing '.' Characters in $_Get or $_Post Arrays

Get PHP to stop replacing '.' characters in $_GET or $_POST arrays?

Here's PHP.net's explanation of why it does it:

Dots in incoming variable names
Typically, PHP does not alter the
names of variables when they are
passed into a script. However, it
should be noted that the dot (period,
full stop) is not a valid character in
a PHP variable name. For the reason,
look at it:
<?php
$varname.ext;  /* invalid variable name */
?>
Now, what
the parser sees is a variable named
$varname, followed by the string
concatenation operator, followed by
the barestring (i.e. unquoted string
which doesn't match any known key or
reserved words) 'ext'. Obviously, this
doesn't have the intended result.
For this reason, it is important to
note that PHP will automatically
replace any dots in incoming variable
names with underscores.

That's from http://ca.php.net/variables.external.

Also, according to this comment these other characters are converted to underscores:

The full list of field-name characters that PHP converts to _ (underscore) is the following (not just dot):
chr(32) ( ) (space)
chr(46) (.) (dot)
chr(91) ([) (open square bracket)
chr(128) - chr(159) (various)

So it looks like you're stuck with it, so you'll have to convert the underscores back to dots in your script using dawnerd's suggestion (I'd just use str_replace though.)

%20 is Converted to Unerscore in the $_GET Array. Are There Other Characters Like This?

PHP replaces certain characters with an underscore because they are illegal in variable names. Even though they are legal in array keys, earlier versions of PHP would put form variables directly in variables (i.e. $a_b; see Register Globals), so this conversion was put in. This is done with space, dot, open square bracket, and control characters between 128 and 159.

This is only done with the names themselves, not to, for example, any array key parameters (i.e. http://example.com/foo.php?a[b.%20c]=1) since any character is legal in an array key. (Note that the array parameter feature itself means that open square bracket will not be replaced with _ as implied by the above in certain situations - the example will give $_GET['a']['b. c'] == 1.)

Source: http://ca.php.net/variables.external

Related question: Get PHP to stop replacing '.' characters in $_GET or $_POST arrays?

Why does PHP replaces . with an underscore if it's a key in $_GET?

Here is a quote from PHP manual

Dots in incoming variable names
Typically, PHP does not alter the names of variables when they are
passed into a script. However, it should be noted that the dot
(period, full stop) is not a valid character in a PHP variable name.
For the reason, look at it:
<?php $varname.ext;  /* invalid variable name */ ?> Now, what the
parser sees is a variable named $varname, followed by the string
concatenation operator, followed by the barestring (i.e. unquoted
string which doesn't match any known key or reserved words) 'ext'.
Obviously, this doesn't have the intended result. For this reason, it
is important to note that PHP will automatically replace any dots in
incoming variable names with underscores.

Get PHP to stop replacing '.' characters in $_GET or $_POST arrays?

Here's PHP.net's explanation of why it does it:

Dots in incoming variable names
Typically, PHP does not alter the
names of variables when they are
passed into a script. However, it
should be noted that the dot (period,
full stop) is not a valid character in
a PHP variable name. For the reason,
look at it:
<?php
$varname.ext;  /* invalid variable name */
?>
Now, what
the parser sees is a variable named
$varname, followed by the string
concatenation operator, followed by
the barestring (i.e. unquoted string
which doesn't match any known key or
reserved words) 'ext'. Obviously, this
doesn't have the intended result.
For this reason, it is important to
note that PHP will automatically
replace any dots in incoming variable
names with underscores.

That's from http://ca.php.net/variables.external.

Also, according to this comment these other characters are converted to underscores:

The full list of field-name characters that PHP converts to _ (underscore) is the following (not just dot):
chr(32) ( ) (space)
chr(46) (.) (dot)
chr(91) ([) (open square bracket)
chr(128) - chr(159) (various)

So it looks like you're stuck with it, so you'll have to convert the underscores back to dots in your script using dawnerd's suggestion (I'd just use str_replace though.)

The symbol of dot has been replaced in parameter names on the underscore (PHP)

This is expected PHP behavior as mentioned in their official documentation. As far as I know, PHP applies this rule when parsing the $_POST superglobal because of reasons related to backwards compatibility (register_globals).

The reason for php://input showing your actual parameter name is because this is a raw input stream, showing data that has not yet been parsed by PHP. While $_POST data is parsed.

In short, avoid using dot notation for PHP input parameter naming or be willing to implement your own parsing mechanism in order to support it.

Restrictions on characters in POST variable names

The following characters not allowed in variable names:

chr(32) ( ) (space)
chr(46) (.) (dot)
chr(91) ([) (open square bracket)
chr(128) - chr(159) (various)

(Cite: Get PHP to stop replacing '.' characters in $_GET or $_POST arrays?)

For the other guys, +, /, and = are fine for $_POST, and for variable names.

First, if you are sure all the underscores in $_POST should be periods (which may or may not be a fair assumption, but...)

<form name=test>
<input type=text name="+./=" value='hello'>
<input type=submit>

<?php
foreach ($_POST as $key=>$postVar)
{
$newKey=str_replace("_",".",$key);
$newPost[$newKey]=$postVar;
}
$_POST=$newPost;
echo $_POST['+./=']; //hello

and in variable names, you can use Variable variables

${'var+./='}=1;
echo ++${'var+./='}; //2
?>

PHP replaces spaces with underscores

From the PHP manual:

Dots in incoming variable names

Typically, PHP does not alter the
names of variables when they are
passed into a script. However, it
should be noted that the dot (period,
full stop) is not a valid character in
a PHP variable name. For the reason,
look at it:
<?php $varname.ext;  /* invalid variable name */ ?>
Now, what
the parser sees is a variable named
$varname, followed by the string
concatenation operator, followed by
the barestring (i.e. unquoted string
which doesn't match any known key or
reserved words) 'ext'. Obviously, this
doesn't have the intended result.

For this reason, it is important to
note that PHP will automatically
replace any dots in incoming variable
names with underscores.

And a comment on the page:

The full list of field-name characters that PHP converts to _ (underscore) is the following (not just dot):
chr(32) ( ) (space)
chr(46) (.) (dot)
chr(91) ([) (open square bracket)
chr(128) - chr(159) (various)
PHP irreversibly modifies field names containing these characters in an attempt to maintain compatibility with the deprecated register_globals feature.

Get PHP to Stop Replacing '.' Characters in $_Get or $_Post Arrays

Get PHP to stop replacing '.' characters in $_GET or $_POST arrays?

Dots in incoming variable names

%20 is Converted to Unerscore in the $_GET Array. Are There Other Characters Like This?

Why does PHP replaces . with an underscore if it's a key in $_GET?

Get PHP to stop replacing '.' characters in $_GET or $_POST arrays?

Dots in incoming variable names

The symbol of dot has been replaced in parameter names on the underscore (PHP)

Restrictions on characters in POST variable names

PHP replaces spaces with underscores

Related Topics

Leave a reply