Doc Bug #48238 pg_escape_string() output should be in E'...', not '...'
Submitted: 2009-05-11 19:49 UTC Modified: 2009-11-19 10:46 UTC
Votes:3
Avg. Score:4.7 ± 0.5
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:1 (33.3%)
From: thuejk at gmail dot com Assigned:
Status: Not a bug Package: Documentation problem
PHP Version: Irrelevant OS: All
Private report: No CVE-ID: None
 [2009-05-11 19:49 UTC] thuejk at gmail dot com
Description:
------------
On http://dk.php.net/pg_escape_string you write

  // Escape the text data
  $escaped = pg_escape_string($data);
  
  // Insert it into the database
  pg_query("INSERT INTO correspondence (name, data) VALUES ('My letter', '{$escaped}')");

However, on a recent version of PostgreSQL this will produce warnings (in the PostgreSQL log), for example if $data contains backslashes. As they write at http://www.postgresql.org/docs/8.3/interactive/runtime-config-compatible.html :

    escape_string_warning (boolean)

    When on, a warning is issued if a backslash (\) appears in an ordinary string literal ('...' syntax) and standard_conforming_strings is off. The default is on.

    Applications that wish to use backslash as escape should be modified to use escape string syntax (E'...'), because the default behavior of ordinary strings will change in a future release for SQL compatibility.

So obviously the PHP manual should be changed to use the future-proof E'{$escaped}' instead of '{$escaped}'.


 [2009-05-11 20:39 UTC] thuejk at gmail dot com
To be a little more concrete, the following code

<?php
  $query = sprintf("SELECT '%s'", pg_escape_string('\\'));
  pg_query($query);
?>

Gives the following error in /var/log/postgresql/postgresql-8.3-main.log :
  2009-05-11 22:38:27 CEST WARNING:  nonstandard use of \\ in a string literal at character 8
  2009-05-11 22:38:27 CEST HINT:  Use the escape string syntax for backslashes, e.g., E'\\'.
 [2009-11-19 10:46 UTC] vrana@php.net
Nothing to document.
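
The behaviour behind the warning in this report, as an added example (not code from the report, PHP or PostgreSQL): a simplified Python model of how the server decodes '...' and E'...' literals with standard_conforming_strings off and on. The function names and the reduced escape set are assumptions of the example.

```python
# Added example: simplified model of PostgreSQL string-literal decoding.
# Only the escapes \\ \' \n \t are modelled (assumption; the server knows more).
SIMPLE_ESCAPES = {"\\": "\\", "'": "'", "n": "\n", "t": "\t"}

def decode_literal(literal, standard_conforming_strings):
    """Return (value, warned) for a literal written as '...' or E'...'."""
    is_escape_syntax = literal[:1] in ("E", "e")
    body = literal[1:] if is_escape_syntax else literal
    if len(body) < 2 or body[0] != "'" or body[-1] != "'":
        raise ValueError("not a quoted string literal")
    body = body[1:-1]
    # Backslash is an escape character in E'...' always, and in '...' only
    # while standard_conforming_strings is off.
    backslash_escapes = is_escape_syntax or not standard_conforming_strings
    out, warned, i = [], False, 0
    while i < len(body):
        ch = body[i]
        if ch == "'":
            if body[i + 1:i + 2] != "'":
                raise ValueError("unescaped quote ends the literal early")
            out.append("'")
            i += 2
        elif ch == "\\" and backslash_escapes:
            if i + 1 >= len(body):
                raise ValueError("dangling backslash")
            nxt = body[i + 1]
            out.append(SIMPLE_ESCAPES.get(nxt, nxt))
            # escape_string_warning applies only to ordinary '...' literals
            warned = warned or not is_escape_syntax
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out), warned

def compare(body):
    """Decode one literal body under every syntax/setting combination."""
    return {
        (prefix, scs): decode_literal(prefix + "'" + body + "'", scs)
        for prefix in ("", "E") for scs in (False, True)
    }

# Constructed sample: the data is one backslash, sent with the backslash doubled
RESULTS = compare("\\\\")

if __name__ == "__main__":
    for (prefix, scs), (value, warned) in RESULTS.items():
        print(f"{prefix}'...' scs={'on' if scs else 'off'}: {value!r} warned={warned}")
```

In this model the ordinary literal yields one backslash with a warning when the setting is off and two backslashes when it is on, while the E'...' form yields one backslash either way.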
 
Last updated: Tue Apr 23 13:01:29 2024 UTC