tags:

views:

384

answers:

4
Q: 

In PHP, strpos() fails to find double quote ('"') in string 

echo 'Tok: '.$tok.' Strpos: '.strpos($tok, "\"").' length: '.strlen($tok).'<br>';

And this:

echo 'Tok: '.$tok.' Strpos: '.strpos($tok, '"').' length: '.strlen($tok).'<br>';

Result in the following output:

Tok: "fresh Strpos: length: 11

Strpos is failing completely to find the double quote, it returns false (I checked with strpos() === false). Can someone tell me what's going on here? I can find no documentation suggesting that strpos can't handle double quotes, why isn't it finding it? I am at my wits end.

+4  A: 

Are you 1000% sure that the double quote in $tok is actually a literal " and not a HTML entity? Can you check your HTML code?

Pekka  2010-01-31 18:21:20
This. Check the source of the webpage when you echo $tok.
Daniel  2010-01-31 18:22:03
Was just coming back to post that I'd discovered that. It's an HTML entity alright: " *head desk* Input sanitization for the fail.
Daniel Bingham  2010-01-31 18:28:07
Input “sanitisation” totally for the fail at all times! HTML-encoding must not happen until the moment you put the text into HTML output; doing it at the input stage is doomed to failure, messed up database contents and security holes where other content comes in.
bobince  2010-01-31 18:42:47
+1  A: 

Using php at the command line, your code works for me.

I noticed you didn't specify the content of $tok. I also noticed it lookes like you're outputting to a browser. Are you sure that the html 

&quot

isn't being used instead of the actual quote character?

Doug T.  2010-01-31 18:24:09
A: 

strpos($tok, '"') is equaling === 0 in your case since the very first element in $tok is a double-quote ("). Then when you print out 0 you get nothing because it is a boolean FALSE.

This function may return Boolean FALSE, but may also return a non-Boolean value which evaluates to FALSE, such as 0 or "". Please read the section on Booleans for more information. Use the === operator for testing the return value of this function - http://us3.php.net/strpos

Xeoncross  2010-01-31 18:25:56
Nah, only when it's FALSE the output will be empty; otherwise it should be a numeric `0` shouldn't it`?
Pekka  2010-01-31 18:27:04
A: 

Its working for me in 5.3.0...

Rifat  2010-01-31 18:26:08

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases