PHP :: Bug #32750 :: pg_escape_string removes some backslashes

Bug #32750

pg_escape_string removes some backslashes

Submitted:

2005-04-18 21:42 UTC

Modified:

2005-04-21 23:32 UTC

Votes:	2
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

master-bx at users dot sourceforge dot net

Assigned:

Status:

Not a bug

Package:

PostgreSQL related

PHP Version:

5.0.4

OS:

Windows XP SP2

Private report:

CVE-ID:

None

View Developer Edit

[2005-04-18 21:42 UTC] master-bx at users dot sourceforge dot net

Description:
------------
Some backslashes are lost after using that function, same bug seems to be in mysqli_real_escape_string.

Another function (mysql_real_escape_string) does well, if this is not a bug please give me a solution to fix this.

Thank you,

hajo @ bxcp.com

Reproduce code:
---------------
$var = '\ \\ \\\';

$test = pg_escape_string($var);
echo $test;

Expected result:
----------------
'\ \\ \\\'

Actual result:
--------------
' \ \\'

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-04-20 09:16 UTC] sniper@php.net

Isn't the expected result supposed to be:

'\\ \\\\ \\\\\\' 

What does var_dump($var); output before and after doing pg_escape_string() ?

[2005-04-20 11:36 UTC] master-bx at users dot sourceforge dot net

$var outputs \ \\ \\\ before and after it, and $test doesn't get an extra \ in most of my tests.

[2005-04-20 17:06 UTC] sniper@php.net

Please paste the exact output of this script:

<?php
$var = '\ \\ \\\';
var_dump($var);
$test = pg_escape_string($var);
var_dump($test);
?>

[2005-04-20 23:16 UTC] master-bx at users dot sourceforge dot net

Parse error: syntax error, unexpected $end in ***\Apache2\htdocs\test.php on line 6

So my example has been wrong, sorry. Tried it with '\ \\ \\\\' and got the following:

string(6) '\ \ \\' string(10) '\\ \\ \\\\'

So it does well, but ...

to better describe my problem: mysql_real_escape_string does it another way, because it handles POST-data correct for database-storage. pg_escape_string and mysqli_real_escape_string are cutting some \ and i don't get the data stored like the input cames from POST. do you understand it now or need a larger example?

[2005-04-21 14:38 UTC] sniper@php.net

Have you read this manual page very carefully:

http://www.php.net/mysql_real_escape_string

Especially the part about magic_quotes..(the example too)

[2005-04-21 20:22 UTC] master-bx at users dot sourceforge dot net

yes, here is my mysql testing code:

<?php
function sql_escape($var) {
  
  if(!isset($mq_gpc)) { 
    $mq_gpc = ini_get('magic_quotes_gpc');
    static $mq_gpc;
  }
  if(!empty($mq_gpc)) {
    stripslashes($var);
  }
  return <>($var);
}
?>

<> = mysql(i)_real_escape_string or pg_escape_string

mysql works, mysqli and pg not, but i found a typo in a function that uses this one. i will go on testing ...

[2005-04-21 23:31 UTC] master-bx at users dot sourceforge dot net

The bug can be closed, my mistake. variable must be first set to static an then defined. that caused the error. nevertheless thanks for help.

[2005-04-21 23:31 UTC] master-bx at users dot sourceforge dot net

done

[2005-04-21 23:32 UTC] tony2001@php.net

No bug -> bogus.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Dec 26 15:01:32 2024 UTC