Bug #31237 mysql_real_escape_string incorrectly escapes string
Submitted: 2004-12-22 00:58 UTC Modified: 2004-12-22 03:35 UTC
From: amcclimo at chariot dot net dot au Assigned:
Status: Not a bug Package: MySQL related
PHP Version: 5.0.1 OS: OSX
Private report: No CVE-ID: None
 [2004-12-22 00:58 UTC] amcclimo at chariot dot net dot au
Description:
------------
mysql_real_escape_string incorrectly escapes strings such as:

  <span style="color: #000000;">

The last double quote isn't properly escaped; the escape character is added, but the double quote is dropped:

  <span style=\"color: #000000;\>

The reason for it failing to quote this is the space between the : and the # ... if you remove the space, the correct escaped string is returned:

  <span style=\"color: #000000;\">



Reproduce code:
---------------
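<?php
// $server, $user and $pass are the MySQL connection parameters.
$link = mysql_connect($server, $user, $pass);

$item = '<span style="color: #000000;">';
$escaped = mysql_real_escape_string($item);
// Both values are written into the HTML page without HTML encoding.
print "<pre>\n";
print "String : ".$item."\n";
print "Escaped: ".$escaped."\n";
print "</pre>";
?>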


Expected result:
----------------
The expected escaped string is:

  <span style=\"color: #000000;\">

Actual result:
--------------
The actual escaped string is:

  <span style=\"color: #000000;\>

 [2004-12-22 03:35 UTC] amcclimo at chariot dot net dot au
This incorrect output is an effect of the rendering of Gecko-based (Mozilla/Firefox) browsers; the raw data coming from the web server is correct.
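
The report prints SQL-escaped text straight into an HTML page, where the browser parses `<span ...>` as markup instead of displaying it. As an added example (not code from the report or from PHP itself), the script below encodes the same values with `htmlspecialchars()` before printing them, so the browser shows the exact bytes. `sql_escape_standin()` and `html_show()` are hypothetical helpers; the stand-in replaces `mysql_real_escape_string()` so that no database connection is needed.

```php
<?php
// Stand-in for mysql_real_escape_string() (assumption: used here only so the
// example runs offline). It escapes the characters the PHP manual lists for
// that function; it is not the library's implementation.
function sql_escape_standin(string $s): string
{
    // strtr() with an array never rescans text it has already replaced,
    // so the backslashes it inserts are not escaped a second time.
    return strtr($s, [
        "\\"   => "\\\\",
        "\x00" => "\\0",
        "\n"   => "\\n",
        "\r"   => "\\r",
        "'"    => "\\'",
        '"'    => '\\"',
        "\x1a" => "\\Z",
    ]);
}

// Format a value for display inside an HTML page: HTML-encode it so the
// browser renders the characters literally, and append the byte length so a
// dropped character would be visible regardless of rendering.
function html_show(string $label, string $value): string
{
    return sprintf(
        "%-8s: %s  [%d bytes]\n",
        $label,
        htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
        strlen($value)
    );
}

$item    = '<span style="color: #000000;">';  // string from the report
$escaped = sql_escape_standin($item);         // escaped for the SQL context

// Escaping for SQL and encoding for HTML are separate steps: the SQL-escaped
// value goes to the query, the HTML-encoded value goes to the page.
echo "<pre>\n";
echo html_show('String', $item);
echo html_show('Escaped', $escaped);
echo "</pre>\n";
```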
 