php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #32750 pg_escape_string removes some backslashes
Submitted: 2005-04-18 21:42 UTC Modified: 2005-04-21 23:32 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: master-bx at users dot sourceforge dot net Assigned:
Status: Not a bug Package: PostgreSQL related
PHP Version: 5.0.4 OS: Windows XP SP2
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: master-bx at users dot sourceforge dot net
New email:
PHP Version: OS:

 

 [2005-04-18 21:42 UTC] master-bx at users dot sourceforge dot net
Description:
------------
Some backslashes are lost after using that function, same bug seems to be in mysqli_real_escape_string.

Another function (mysql_real_escape_string) does well, if this is not a bug please give me a solution to fix this.

Thank you,

hajo @ bxcp.com

Reproduce code:
---------------
$var = '\ \\ \\\';

$test = pg_escape_string($var);
echo $test;

Expected result:
----------------
'\ \\ \\\'

Actual result:
--------------
' \ \\'

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-04-20 09:16 UTC] sniper@php.net
Isn't the expected result supposed to be:

'\\ \\\\ \\\\\\' 

What does var_dump($var); output before and after doing pg_escape_string() ?


 [2005-04-20 11:36 UTC] master-bx at users dot sourceforge dot net
$var outputs \ \\ \\\ before and after it, and $test doesn't get an extra \ in most of my tests.
 [2005-04-20 17:06 UTC] sniper@php.net
Please paste the exact output of this script:

<?php
$var = '\ \\ \\\';
var_dump($var);
$test = pg_escape_string($var);
var_dump($test);
?>

 [2005-04-20 23:16 UTC] master-bx at users dot sourceforge dot net
Parse error: syntax error, unexpected $end in ***\Apache2\htdocs\test.php on line 6

So my example has been wrong, sorry. Tried it with '\ \\ \\\\' and got the following:

string(6) '\ \ \\' string(10) '\\ \\ \\\\'

So it does well, but ...

to better describe my problem: mysql_real_escape_string does it another way, because it handles POST-data correct for database-storage. pg_escape_string and mysqli_real_escape_string are cutting some \ and i don't get the data stored like the input cames from POST. do you understand it now or need a larger example?
 [2005-04-21 14:38 UTC] sniper@php.net
Have you read this manual page very carefully:

http://www.php.net/mysql_real_escape_string

Especially the part about magic_quotes..(the example too)

 [2005-04-21 20:22 UTC] master-bx at users dot sourceforge dot net
yes, here is my mysql testing code:

<?php
function sql_escape($var) {
  
  if(!isset($mq_gpc)) { 
    $mq_gpc = ini_get('magic_quotes_gpc');
    static $mq_gpc;
  }
  if(!empty($mq_gpc)) {
    stripslashes($var);
  }
  return <>($var);
}
?>

<> = mysql(i)_real_escape_string or pg_escape_string

mysql works, mysqli and pg not, but i found a typo in a function that uses this one. i will go on testing ...
 [2005-04-21 23:31 UTC] master-bx at users dot sourceforge dot net
The bug can be closed, my mistake. variable must be first set to static an then defined. that caused the error. nevertheless thanks for help.
 [2005-04-21 23:31 UTC] master-bx at users dot sourceforge dot net
done
 [2005-04-21 23:32 UTC] tony2001@php.net
No bug -> bogus.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Jun 15 18:01:30 2024 UTC