PHP :: Request #51503 :: pg_escape

Request #51503	pg_escape_string() mishandles \
Submitted:	2010-04-07 23:08 UTC	Modified:	2012-03-31 06:04 UTC
From:	richard at on-the dot net	Assigned:	yohgaki (profile)
Status:	Wont fix	Package:	PostgreSQL related
PHP Version:	5.3.2	OS:	debian
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	richard at on-the dot net
New email:
PHP Version:		OS:

New Comment:

[2010-04-07 23:08 UTC] richard at on-the dot net

Description:
------------
My understanding of pg_escape_string() is that it will escape only those characters that require escaping by the postgresql database.

Using standard_conforming_strings=on in postgres (8.2.4) a "\" (backslash) character is just a backslash character, not a special character requiring escaping.  Therefore, I do not think pg_escape_string('\') should return '\\' but rather '\'.

The only way I can see to enter a single backslash character is to use the E('\\') syntax but I should not have do so.


Test script:
---------------
<?php
print pg_escape_string(' \ ');
?>



Expected result:
----------------
should return ' \ '

Actual result:
--------------
returns ' \\ '

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-03-31 06:04 UTC] yohgaki@php.net

-Status: Open +Status: Wont fix -Assigned To: +Assigned To: yohgaki

[2012-03-31 06:04 UTC] yohgaki@php.net

It just doesn't care about server settings.
New pg_escape_literal()/pg_escape_identifier() does better escaping.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Nov 29 14:00:01 2025 UTC