How to stop PHP replacing dot characters in GET, POST, or COOKIE names?

Here’s’s explanation of why it does it:

Dots in incoming variable names

Typically, PHP does not alter the
names of variables when they are
passed into a script. However, it
should be noted that the dot (period,
full stop) is not a valid character in
a PHP variable name. For the reason,
look at it:

$varname.ext;  /* invalid variable name */

Now, what
the parser sees is a variable named
$varname, followed by the string
concatenation operator, followed by
the barestring (i.e. unquoted string
which doesn’t match any known key or
reserved words) ‘ext’. Obviously, this
doesn’t have the intended result.

For this reason, it is important to
note that PHP will automatically
replace any dots in incoming variable
names with underscores.

That’s from

Also, according to this comment these other characters are converted to underscores:

The full list of field-name characters that PHP converts to _ (underscore) is the following (not just dot):

  • chr(32) ( ) (space)
  • chr(46) (.) (dot)
  • chr(91) ([) (open square bracket)
  • chr(128) – chr(159) (various)

So it looks like you’re stuck with it, so you’ll have to convert the underscores back to dots in your script using dawnerd’s suggestion (I’d just use str_replace though.)

Leave a Comment