php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #32750 pg_escape_string removes some backslashes
Submitted: 2005-04-18 21:42 UTC Modified: 2005-04-21 23:32 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: master-bx at users dot sourceforge dot net Assigned:
Status: Not a bug Package: PostgreSQL related
PHP Version: 5.0.4 OS: Windows XP SP2
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: master-bx at users dot sourceforge dot net
New email:
PHP Version: OS:

 

 [2005-04-18 21:42 UTC] master-bx at users dot sourceforge dot net 
Description:
------------
Some backslashes are lost after using that function, same bug seems to be in mysqli_real_escape_string.

Another function (mysql_real_escape_string) does well, if this is not a bug please give me a solution to fix this.

Thank you,

hajo @ bxcp.com

Reproduce code:
---------------
$var = '\ \\ \\\';

$test = pg_escape_string($var);
echo $test;

Expected result:
----------------
'\ \\ \\\'

Actual result:
--------------
' \ \\'

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-04-20 09:16 UTC] sniper@php.net 
Isn't the expected result supposed to be:

'\\ \\\\ \\\\\\' 

What does var_dump($var); output before and after doing pg_escape_string() ?
 [2005-04-20 11:36 UTC] master-bx at users dot sourceforge dot net 
$var outputs \ \\ \\\ before and after it, and $test doesn't get an extra \ in most of my tests.
 [2005-04-20 17:06 UTC] sniper@php.net 
Please paste the exact output of this script:

<?php
$var = '\ \\ \\\';
var_dump($var);
$test = pg_escape_string($var);
var_dump($test);
?>
 [2005-04-20 23:16 UTC] master-bx at users dot sourceforge dot net 
Parse error: syntax error, unexpected $end in ***\Apache2\htdocs\test.php on line 6

So my example has been wrong, sorry. Tried it with '\ \\ \\\\' and got the following:

string(6) '\ \ \\' string(10) '\\ \\ \\\\'

So it does well, but ...

to better describe my problem: mysql_real_escape_string does it another way, because it handles POST-data correct for database-storage. pg_escape_string and mysqli_real_escape_string are cutting some \ and i don't get the data stored like the input cames from POST. do you understand it now or need a larger example?
 [2005-04-21 14:38 UTC] sniper@php.net 
Have you read this manual page very carefully:

http://www.php.net/mysql_real_escape_string

Especially the part about magic_quotes..(the example too)
 [2005-04-21 20:22 UTC] master-bx at users dot sourceforge dot net 
yes, here is my mysql testing code:

<?php
function sql_escape($var) {
  
  if(!isset($mq_gpc)) { 
    $mq_gpc = ini_get('magic_quotes_gpc');
    static $mq_gpc;
  }
  if(!empty($mq_gpc)) {
    stripslashes($var);
  }
  return <>($var);
}
?>

<> = mysql(i)_real_escape_string or pg_escape_string

mysql works, mysqli and pg not, but i found a typo in a function that uses this one. i will go on testing ...
 [2005-04-21 23:31 UTC] master-bx at users dot sourceforge dot net 
The bug can be closed, my mistake. variable must be first set to static an then defined. that caused the error. nevertheless thanks for help.
 [2005-04-21 23:31 UTC] master-bx at users dot sourceforge dot net 
done
 [2005-04-21 23:32 UTC] tony2001@php.net 
No bug -> bogus.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Dec 27 05:01:27 2024 UTC