PHP :: Bug #25925 :: addslashes ignoring special slash types

Bug #25925	addslashes ignoring special slash types
Submitted:	2003-10-20 13:24 UTC	Modified:	2003-10-20 18:56 UTC
From:	gameRevolt at assimsoft dot com	Assigned:
Status:	Not a bug	Package:	MySQL related
PHP Version:	4CVS-2003-10-20 (stable)	OS:	N/A
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	gameRevolt at assimsoft dot com
New email:
PHP Version:		OS:

New Comment:

[2003-10-20 13:24 UTC] gameRevolt at assimsoft dot com

Description:
------------
An Extended Ascii code understands the following as types of quote...

0x91
0x92
0x93
0x94

mySQL uses this, and thus these need escaping by addslashes (or magic slashes). POST/GET strings involving these will not be escaped properly and thus queries involving those strings will fail.

See around line 2485 of ext/standard/string.c

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-10-20 18:56 UTC] iliaa@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

You should be using mysql_escape_string() and not addslashes().

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Dec 22 01:01:30 2024 UTC