|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #51503 pg_escape_string() mishandles \
Submitted: 2010-04-07 23:08 UTC Modified: 2012-03-31 06:04 UTC
From: richard at on-the dot net Assigned: yohgaki (profile)
Status: Wont fix Package: PostgreSQL related
PHP Version: 5.3.2 OS: debian
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2010-04-07 23:08 UTC] richard at on-the dot net
My understanding of pg_escape_string() is that it will escape only those characters that require escaping by the postgresql database.

Using standard_conforming_strings=on in postgres (8.2.4) a "\" (backslash) character is just a backslash character, not a special character requiring escaping.  Therefore, I do not think pg_escape_string('\') should return '\\' but rather '\'.

The only way I can see to enter a single backslash character is to use the E('\\') syntax but I should not have do so.

Test script:
print pg_escape_string(' \ ');

Expected result:
should return ' \ '

Actual result:
returns ' \\ '


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2012-03-31 06:04 UTC]
-Status: Open +Status: Wont fix -Assigned To: +Assigned To: yohgaki
 [2012-03-31 06:04 UTC]
It just doesn't care about server settings.
New pg_escape_literal()/pg_escape_identifier() does better escaping.
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Thu Sep 23 04:03:37 2021 UTC