|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #13701 mysql_escape_string() bugged
Submitted: 2001-10-16 19:57 UTC Modified: 2001-10-23 14:24 UTC
From: ed3f at phreaker dot net Assigned:
Status: Not a bug Package: MySQL related
PHP Version: 4.0.6 OS: OpenBSD 2.9
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: ed3f at phreaker dot net
New email:
PHP Version: OS:


 [2001-10-16 19:57 UTC] ed3f at phreaker dot net
mysql_escape_string() is bugged.
It escapes also '\'.
So if I make:

$string = 'Hi \dumb\ man';
$estring = mysql_escape_string($string);

$estring = 'Hi \\dumb\\ man';

So I put it in a cell
UPDATE ... SET string='.$estring.'

All ok ?

If I try to SELECT I obtain 
$estring not $string !

This is really annoying for public site powered by MySQL that accept comments.
Also PHP-Nuke have (had?) this problem.



Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-10-23 14:24 UTC]
Intended behaviour. You are doing something wrong.
You might have magic_quotes_runtime enabled in your php.ini
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Tue Mar 28 11:04:08 2023 UTC