Bug #51486 preg_replace bug
Submitted: 2010-04-06 10:42 UTC
Modified: 2010-04-07 03:26 UTC
Votes: 1
Avg. Score: 1.0 ± 0.0
Reproduced: 0 of 1 (0.0%)
From: 82508 at qq dot com
Assigned:
Status: Not a bug
Package: *General Issues
PHP Version: 5.2.13
OS: windows
Private report: No
CVE-ID: None
 [2010-04-06 10:42 UTC] 82508 at qq dot com
Description:
------------
<?php
echo"bug.........bug";
$sql="SELECT * FROM su_gamesdb WHERE manufacturers= 'sdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdsdfasdfasdfdfsdfsdfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdf'";
$q="'";
$qe="\\'";
echo "/$q($qe|\\\\{2}|[^$q])*$q/";
$sql = preg_replace("/$q($qe|\\\\{2}|[^$q])*$q/", '', $sql);
exit;
?>


 [2010-04-07 02:26 UTC] kalle@php.net
-Status: Open +Status: Bogus
 [2010-04-07 02:26 UTC] kalle@php.net
.
 [2010-04-07 03:26 UTC] 82508 at qq dot com
preg_replace bug and Zend_Db_Statement->_stripQuoted bug:
    protected function _stripQuoted($sql)
    {
        // get the character for delimited id quotes,
        // this is usually " but in MySQL is `
        $d = $this->_adapter->quoteIdentifier('a');
        $d = $d[0];

        // get the value used as an escaped delimited id quote,
        // e.g. \" or "" or \`
        $de = $this->_adapter->quoteIdentifier($d);
        $de = substr($de, 1, 2);
        $de = str_replace('\\', '\\\\', $de);

        // get the character for value quoting
        // this should be '
        $q = $this->_adapter->quote('a');
        $q = $q[0];

        // get the value used as an escaped quote,
        // e.g. \' or ''
        $qe = $this->_adapter->quote($q);
        $qe = substr($qe, 1, 2);
        $qe = str_replace('\\', '\\\\', $qe);

        // get a version of the SQL statement with all quoted
        // values and delimited identifiers stripped out
        // remove "foo\"bar"
        //echo $sql;exit;
        $sql = preg_replace("/$q($qe|\\\\{2}|[^$q])*$q/", '', $sql);
        // remove 'foo\'bar'
        if (!empty($q)) {
            $sql = preg_replace("/$q($qe|[^$q])*$q/", '', $sql);
        }

        return $sql;
    }
 