PHP -r, -a and .php return different results based upon " or ' marks !? [BUG]

"Daevid Vincent" <daevid@xxxxxxxxxx> · Thu, 10 Jun 2010 17:49:54 -0700

Chew on this...

developer@mypse:~$ cat ./md5test.php
#!/usr/bin/php
<?php
$password = '12345678';
echo md5(strtoupper($password));
echo "\n";
echo md5(strtoupper('12345678'));
echo "\n";

$password = '$12345678';
echo md5(strtoupper($password));
echo "\n";
echo md5(strtoupper('$12345678'));
echo "\n";
?>

developer@mypse:~$ ./md5test.php
25d55ad283aa400af464c76d713c07ad
25d55ad283aa400af464c76d713c07ad
2d05c0e3d6d22343123eae7f5678e34c
2d05c0e3d6d22343123eae7f5678e34c

developer@mypse:~$ php -r "echo md5(strtoupper('12345678'));"
25d55ad283aa400af464c76d713c07ad

developer@mypse:~$ php -a
Interactive shell
php > echo md5(strtoupper('$12345678'));
2d05c0e3d6d22343123eae7f5678e34c

developer@mypse:~$ php -r "echo md5(strtoupper('$12345678'));"
b3275960d68fda9d831facc0426c3bbc

Why is the "-r" command line version different?

man php:

       Using parameter -r you can directly execute  PHP  code  simply  as
you
       would do inside a .php file when using the eval() function.

developer@mypse:~$ php -v
PHP 5.2.4-2ubuntu5.10 with Suhosin-Patch 0.9.6.2 (cli) (built: Jan  6 2010
22:01:14)
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies

Then I tried it again on two different servers with the same result:

PHP 5.2.6-2ubuntu4.6 with Suhosin-Patch 0.9.6.2 (cli) (built: Jan  6 2010
22:03:33)
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies

PHP 5.3.2-1ubuntu4.2 with Suhosin-Patch (cli) (built: May 13 2010 20:01:00)

Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies

So now it get's more interesting...

A co-worker suggested to reverse the quotes:

developer@mypse:~$ php -r 'echo md5(strtoupper("$12345678"));'
2d05c0e3d6d22343123eae7f5678e34c

Note the use of the single and double quotes are reversed. This gives me
the RIGHT checksum.

To me this version is syntactically wrong because the " would indicate in
normal PHP to pre-parse the literal $12345678 and treat $1 as some kind of
variable or something. Whereas a ' says use the literal AS IS.

Not to mention that it is completely confusing that -r gives different
results than -a and using it in a .php file all together. 

IF quotes are a factor (as they seem to be), then the -r PHP
behind-the-scenes code should flip them around or something so the
developer doesn't have to be concerned with this edge case nonsense. 

Sanity would dictate that all ways of executing the SAME PHP code would
give the SAME results.

*sigh*

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php