php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #51503 pg_escape_string() mishandles \
Submitted: 2010-04-07 23:08 UTC Modified: 2012-03-31 06:04 UTC
From: richard at on-the dot net Assigned: yohgaki (profile)
Status: Wont fix Package: PostgreSQL related
PHP Version: 5.3.2 OS: debian
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: richard at on-the dot net
New email:
PHP Version: OS:

 

 [2010-04-07 23:08 UTC] richard at on-the dot net
Description:
------------
My understanding of pg_escape_string() is that it will escape only those characters that require escaping by the postgresql database.

Using standard_conforming_strings=on in postgres (8.2.4) a "\" (backslash) character is just a backslash character, not a special character requiring escaping.  Therefore, I do not think pg_escape_string('\') should return '\\' but rather '\'.

The only way I can see to enter a single backslash character is to use the E('\\') syntax but I should not have do so.


Test script:
---------------
<?php
print pg_escape_string(' \ ');
?>



Expected result:
----------------
should return ' \ '

Actual result:
--------------
returns ' \\ '

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-03-31 06:04 UTC] yohgaki@php.net
-Status: Open +Status: Wont fix -Assigned To: +Assigned To: yohgaki
 [2012-03-31 06:04 UTC] yohgaki@php.net
It just doesn't care about server settings.
New pg_escape_literal()/pg_escape_identifier() does better escaping.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Tue Nov 24 16:01:24 2020 UTC