|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2009-05-11 19:49 UTC] thuejk at gmail dot com
Description: ------------ On http://dk.php.net/pg_escape_string you write // Escape the text data $escaped = pg_escape_string($data); // Insert it into the database pg_query("INSERT INTO correspondence (name, data) VALUES ('My letter', '{$escaped}')"); However, on a recent version on postgresql this will produce warnings (in the postgresql log), for example if $data contains backslashes. As they write at http://www.postgresql.org/docs/8.3/interactive/runtime-config-compatible.html : escape_string_warning (boolean) When on, a warning is issued if a backslash (\) appears in an ordinary string literal ('...' syntax) and standard_conforming_strings is off. The default is on. Applications that wish to use backslash as escape should be modified to use escape string syntax (E'...'), because the default behavior of ordinary strings will change in a future release for SQL compatibility. So obviously the PHP manual should be changed to use the future-proof E'{$escaped}' instead of '{$escaped}'. PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Wed Nov 19 17:00:01 2025 UTC |
To be a little more concrete, the following code <?php $query = sprintf("SELECT '%s'", pg_escape_string('\\')); pg_query($query); ?> Gives the following error in /var/log/postgresql/postgresql-8.3-main.log : 2009-05-11 22:38:27 CEST WARNING: nonstandard use of \\ in a string literal at character 8 2009-05-11 22:38:27 CEST HINT: Use the escape string syntax for backslashes, e.g., E'\\'.