PHP :: Bug #51486 :: preg

Bug #51486

preg_replace bug

Submitted:

2010-04-06 10:42 UTC

Modified:

2010-04-07 03:26 UTC

Votes:	1
Avg. Score:	1.0 ± 0.0
Reproduced:	0 of 1 (0.0%)

From:

82508 at qq dot com

Assigned:

Status:

Not a bug

Package:

*General Issues

PHP Version:

5.2.13

OS:

windows

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	82508 at qq dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2010-04-06 10:42 UTC] 82508 at qq dot com

Description:
------------
<?php
echo"bug.........bug";
$sql="SELECT * FROM su_gamesdb WHERE manufacturers= 'sdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdsdfasdfasdfdfsdfsdfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdf'";
$q="'";
$qe="\\'";
echo "/$q($qe|\\\\{2}|[^$q])*$q/";
$sql = preg_replace("/$q($qe|\\\\{2}|[^$q])*$q/", '', $sql);
exit;
?>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2010-04-07 02:26 UTC] kalle@php.net

-Status: Open +Status: Bogus

[2010-04-07 02:26 UTC] kalle@php.net

[2010-04-07 03:26 UTC] 82508 at qq dot com

preg_replace bug
and
Zend_Db_Statement
->_stripQuoted
bug:
    protected function _stripQuoted($sql)
    {
        // get the character for delimited id quotes,
        // this is usually " but in MySQL is `
        $d = $this->_adapter->quoteIdentifier('a');
        $d = $d[0];

        // get the value used as an escaped delimited id quote,
        // e.g. \" or "" or \`
        $de = $this->_adapter->quoteIdentifier($d);
        $de = substr($de, 1, 2);
        $de = str_replace('\\', '\\\\', $de);

        // get the character for value quoting
        // this should be '
        $q = $this->_adapter->quote('a');
        $q = $q[0];

        // get the value used as an escaped quote,
        // e.g. \' or ''
        $qe = $this->_adapter->quote($q);
        $qe = substr($qe, 1, 2);
        $qe = str_replace('\\', '\\\\', $qe);

        // get a version of the SQL statement with all quoted
        // values and delimited identifiers stripped out
        // remove "foo\"bar"
        //echo $sql;exit;
        $sql = preg_replace("/$q($qe|\\\\{2}|[^$q])*$q/", '', $sql);
        // remove 'foo\'bar'
        if (!empty($q)) {
            $sql = preg_replace("/$q($qe|[^$q])*$q/", '', $sql);
        }

        return $sql;
    }

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Mon May 06 16:01:33 2024 UTC