php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #51503 pg_escape_string() mishandles \
Submitted: 2010-04-07 23:08 UTC Modified: 2012-03-31 06:04 UTC
From: richard at on-the dot net Assigned: yohgaki (profile)
Status: Wont fix Package: PostgreSQL related
PHP Version: 5.3.2 OS: debian
Private report: No CVE-ID: None
 [2010-04-07 23:08 UTC] richard at on-the dot net
Description:
------------
My understanding of pg_escape_string() is that it will escape only those characters that require escaping by the postgresql database.

Using standard_conforming_strings=on in postgres (8.2.4) a "\" (backslash) character is just a backslash character, not a special character requiring escaping.  Therefore, I do not think pg_escape_string('\') should return '\\' but rather '\'.

The only way I can see to enter a single backslash character is to use the E('\\') syntax but I should not have do so.


Test script:
---------------
<?php
print pg_escape_string(' \ ');
?>



Expected result:
----------------
should return ' \ '

Actual result:
--------------
returns ' \\ '

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-03-31 06:04 UTC] yohgaki@php.net
-Status: Open +Status: Wont fix -Assigned To: +Assigned To: yohgaki
 [2012-03-31 06:04 UTC] yohgaki@php.net
It just doesn't care about server settings.
New pg_escape_literal()/pg_escape_identifier() does better escaping.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 22 06:01:30 2024 UTC