PHP :: Bug #54437 :: mysql_real_escape_string don't escape: \x00, \n, \r and \x1a

Bug #54437	mysql_real_escape_string don't escape: \x00, \n, \r and \x1a
Submitted:	2011-03-31 22:54 UTC	Modified:	2011-04-01 18:31 UTC
From:	jose dot nobile at gmail dot com	Assigned:
Status:	Not a bug	Package:	MySQL related
PHP Version:	5.3.6	OS:	Any
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	jose dot nobile at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2011-03-31 22:54 UTC] jose dot nobile at gmail dot com

Description:
------------
mysql_real_escape_string don't escape: \x00, \n, \r and \x1a as is mentioned in 
documentation:

http://co.php.net/manual/es/function.mysql-real-escape-string.php

and \r in a quote string in a insert into query, is a syntax error, I'm handling 
binary data (PDF Files).

Tested on Windows XP SP3 with PHP builds from PHP, and Centos 5.5 with personal 
configure, both using PHP 5.3.6 and in Windows, MySQL Server version is 5.5.8-log 
and Centos is 5.0.77-log


Client API version	mysqlnd 5.0.8-dev - 20102224 - $Revision: 308673 $

Test script:
---------------
$link = @mysql_pconnect("localhost","root","");
if (!$link)
{
	die('Not connected : ' . mysql_error());
}
echo "\\x00, \\n, \\r, \\, ', \" and \\x1a.";
echo "<br />\r\n";
print mysql_escape_string("\x00, \n, \r, \, ', \" and \x1a.");

Expected result:
----------------
\x00, \n, \r, \, ', " and \x1a.

\\x00, \\n, \\r, \\, \', \" and \\x1a.

Actual result:
--------------
\x00, \n, \r, \, ', " and \x1a.

\0, \n, \r, \\, \', \" and \Z.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-04-01 07:52 UTC] dtajchreber@php.net

-Status: Open +Status: Bogus

[2011-04-01 07:52 UTC] dtajchreber@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

[2011-04-01 15:36 UTC] jose dot nobile at gmail dot com

Can you explain, why this function is not working as is documented?

And, What is the correct function, to espace binary data with chars "\r" than to 
have to escape before to send to mysql?

[2011-04-01 18:31 UTC] dtajchreber@php.net

Those are control characters. Because they've been escaped you're seeing a text 
representation of them instead of 
the literal characters. I don't know why you would expect anything different 
from when you manually escaped them? 

You can escape binary data with with mysql_real_escape_string or change the 
encoding your binary data to base64 for 
example...

[1] http://en.wikipedia.org/wiki/Control_character
[2] http://en.wikipedia.org/wiki/Base64
[3] http://us2.php.net/manual/en/function.base64-encode.php

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 26 07:01:32 2024 UTC