|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #32750 pg_escape_string removes some backslashes
Submitted: 2005-04-18 21:42 UTC Modified: 2005-04-21 23:32 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: master-bx at users dot sourceforge dot net Assigned:
Status: Not a bug Package: PostgreSQL related
PHP Version: 5.0.4 OS: Windows XP SP2
Private report: No CVE-ID: None
 [2005-04-18 21:42 UTC] master-bx at users dot sourceforge dot net
Some backslashes are lost after using that function, same bug seems to be in mysqli_real_escape_string.

Another function (mysql_real_escape_string) does well, if this is not a bug please give me a solution to fix this.

Thank you,

hajo @

Reproduce code:
$var = '\ \\ \\\';

$test = pg_escape_string($var);
echo $test;

Expected result:
'\ \\ \\\'

Actual result:
' \ \\'


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2005-04-20 09:16 UTC]
Isn't the expected result supposed to be:

'\\ \\\\ \\\\\\' 

What does var_dump($var); output before and after doing pg_escape_string() ?

 [2005-04-20 11:36 UTC] master-bx at users dot sourceforge dot net
$var outputs \ \\ \\\ before and after it, and $test doesn't get an extra \ in most of my tests.
 [2005-04-20 17:06 UTC]
Please paste the exact output of this script:

$var = '\ \\ \\\';
$test = pg_escape_string($var);

 [2005-04-20 23:16 UTC] master-bx at users dot sourceforge dot net
Parse error: syntax error, unexpected $end in ***\Apache2\htdocs\test.php on line 6

So my example has been wrong, sorry. Tried it with '\ \\ \\\\' and got the following:

string(6) '\ \ \\' string(10) '\\ \\ \\\\'

So it does well, but ...

to better describe my problem: mysql_real_escape_string does it another way, because it handles POST-data correct for database-storage. pg_escape_string and mysqli_real_escape_string are cutting some \ and i don't get the data stored like the input cames from POST. do you understand it now or need a larger example?
 [2005-04-21 14:38 UTC]
Have you read this manual page very carefully:

Especially the part about magic_quotes..(the example too)

 [2005-04-21 20:22 UTC] master-bx at users dot sourceforge dot net
yes, here is my mysql testing code:

function sql_escape($var) {
  if(!isset($mq_gpc)) { 
    $mq_gpc = ini_get('magic_quotes_gpc');
    static $mq_gpc;
  if(!empty($mq_gpc)) {
  return <>($var);

<> = mysql(i)_real_escape_string or pg_escape_string

mysql works, mysqli and pg not, but i found a typo in a function that uses this one. i will go on testing ...
 [2005-04-21 23:31 UTC] master-bx at users dot sourceforge dot net
The bug can be closed, my mistake. variable must be first set to static an then defined. that caused the error. nevertheless thanks for help.
 [2005-04-21 23:31 UTC] master-bx at users dot sourceforge dot net
 [2005-04-21 23:32 UTC]
No bug -> bogus.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Jun 22 08:01:29 2024 UTC