views:

641

answers:

2

I am passing the variable with dot in query string.Php is replacing the dot with under score. So how can i retain the variable name which is having dot in the name

http://localhost/sample.php?one.txt=on&two.txt=on

sample.php

$ret=$_REQUEST['one.txt'];//Not working

+1  A: 

try

$ret=$_REQUEST['one_txt'];
James
+11  A: 

The reason PHP is converting your variable name from one.txt into one_txt is because dots are not valid in variable names.

For more details, look at the PHP Documentation:

Variable names follow the same rules as other labels in PHP. A valid variable name starts with a letter or underscore, followed by any number of letters, numbers, or underscores. As a regular expression, it would be expressed thus: '[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*'

You can either account for the change (. to _) and check for $_REQUEST['one_txt'] or you can make your HTML form pass a valid variable name instead.

Edit:

To follow-up on Michael Borgwardt's comment, here's the text from PHP's documentation about handling variables from external sources:

Dots in incoming variable names

Typically, PHP does not alter the names of variables when they are passed into a script. However, it should be noted that the dot (period, full stop) is not a valid character in a PHP variable name. For the reason, look at it:

<?php
$varname.ext;  /* invalid variable name */
?>

Now, what the parser sees is a variable named $varname, followed by the string concatenation operator, followed by the barestring (i.e. unquoted string which doesn't match any known key or reserved words) 'ext'. Obviously, this doesn't have the intended result.

For this reason, it is important to note that PHP will automatically replace any dots in incoming variable names with underscores.

It is indeed a PHP specific thing.

Carlos Lima
I don't see how PHP's rules for identifiers are relevant to what query string key names are valid. If anything, this is a PHP-specific convention that exists because of the register_globals feature that nobody should be using anyway because it's horribly insecure.
Michael Borgwardt
@Michael Borgwardt: indeed you make a valid point. It is a PHP specific thing, probably a legacy from the time register_globals was the default. And I hope nobody is using anymore too :)
Carlos Lima