PHP :: Bug #30424 :: mysql_real_escape_string fails to escape a"b`c'd/e\f right

Bug #30424	mysql_real_escape_string fails to escape a"b`c'd/e\f right
Submitted:	2004-10-13 21:42 UTC	Modified:	2004-10-13 23:26 UTC
From:	tomer at ivrit dot org dot il	Assigned:
Status:	Not a bug	Package:	MySQL related
PHP Version:	5.0.1	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

[2004-10-13 21:42 UTC] tomer at ivrit dot org dot il

Description:
------------
It seems that mysql_real_escape_string fails to escape
the string 'a"b`c'd/e\f' (without the surrounding quotes)
right..

Reproduce code:
---------------
While magic_quotes_gpc are off and submitting on a POST form: a"b`c'd/e\f

$query = sprintf("UPDATE tbl SET field='%s'", mysql_real_escape_string($_POST['name']));
$result = mysql_query($query);



Expected result:
----------------
The mysql_error() will be a syntax error of course..

Actual result:
--------------
You have an error in your SQL syntax near 'd/e\f', ...

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-10-13 22:18 UTC] tomer at ivrit dot org dot il

Sorry from all the testing I confused it up.
It won't return an error but instead it will submit only the 'a' character and drop the rest of the string after it.

[2004-10-13 23:26 UTC] tomer at ivrit dot org dot il

Sorry for the bother, bogus, won't happen again.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Dec 26 12:01:30 2024 UTC