Home/ Questions/Q 36511
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-10T14:24:16+00:00

If I pass request fields or cookies with a period/dot in their names, PHP

  • 0

If I pass request fields or cookies with a period/dot in their names, PHP auto-replaces them with underscores. For example, if I put this code at https://example.com/test.php?x.y=a.b:

<?php echo $_SERVER['REQUEST_URI']; echo $_GET['x.y']; echo $_GET['x_y'];

the output is:

/test.php?x.y=a.b  a.b

Is there any way I can prevent this behaviour?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Here’s PHP.net’s explanation of why it does it:

    Dots in incoming variable names

    Typically, PHP does not alter the names of variables when they are passed into a script. However, it should be noted that the dot (period, full stop) is not a valid character in a PHP variable name. For the reason, look at it:

    <?php $varname.ext;  /* invalid variable name */ ?>

    Now, what the parser sees is a variable named $varname, followed by the string concatenation operator, followed by the barestring (i.e. unquoted string which doesn’t match any known key or reserved words) ‘ext’. Obviously, this doesn’t have the intended result.

    For this reason, it is important to note that PHP will automatically replace any dots in incoming variable names with underscores.

    That’s from http://ca.php.net/variables.external.

    Also, according to this comment these other characters are converted to underscores:

    The full list of field-name characters that PHP converts to _ (underscore) is the following (not just dot):

    • chr(32) ( ) (space)
    • chr(46) (.) (dot)
    • chr(91) ([) (open square bracket)
    • chr(128) – chr(159) (various)

    So it looks like you’re stuck with it, so you’ll have to convert the underscores back to dots in your script using dawnerd’s suggestion (I’d just use str_replace though.)

    • 0