PHP :: Bug #30424 :: mysql_real_escape_string fails to escape a"b`c'd/e\f right

Bug #30424	mysql_real_escape_string fails to escape a"b`c'd/e\f right
Submitted:	2004-10-13 21:42 UTC	Modified:	2004-10-13 23:26 UTC
From:	tomer at ivrit dot org dot il	Assigned:
Status:	Not a bug	Package:	MySQL related
PHP Version:	5.0.1	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	tomer at ivrit dot org dot il
New email:
PHP Version:		OS:

New Comment:

[2004-10-13 21:42 UTC] tomer at ivrit dot org dot il

Description:
------------
It seems that mysql_real_escape_string fails to escape
the string 'a"b`c'd/e\f' (without the surrounding quotes)
right..

Reproduce code:
---------------
While magic_quotes_gpc are off and submitting on a POST form: a"b`c'd/e\f

$query = sprintf("UPDATE tbl SET field='%s'", mysql_real_escape_string($_POST['name']));
$result = mysql_query($query);



Expected result:
----------------
The mysql_error() will be a syntax error of course..

Actual result:
--------------
You have an error in your SQL syntax near 'd/e\f', ...

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-10-13 22:18 UTC] tomer at ivrit dot org dot il

Sorry from all the testing I confused it up.
It won't return an error but instead it will submit only the 'a' character and drop the rest of the string after it.

[2004-10-13 23:26 UTC] tomer at ivrit dot org dot il

Sorry for the bother, bogus, won't happen again.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Oct 30 03:00:01 2025 UTC