PHP :: Bug #55335 :: PDO query processing with postgres standard_conforming

Bug #55335

PDO query processing with postgres standard_conforming_strings and escape chars

Submitted:

2011-08-01 11:29 UTC

Modified:

2011-09-12 16:45 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

jakob at revealit dot dk

Assigned:

Status:

Not a bug

Package:

PDO related

PHP Version:

5.3.6

OS:

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	jakob at revealit dot dk
New email:
PHP Version:		OS:

New Comment:

[2011-08-01 11:29 UTC] jakob at revealit dot dk

Description:
------------
The test script below shows the point best.

One thing to notice, is that this bug only happens when you have 
standard_conforming_strings set to "on" in your postgres.conf file.

It seems like the fact that PHP uses '\' as escape char might be messing things 
up, sd $pdo->quote("\\") return '\' when standard_conforming_strings is set to 
"on" vs, '\\' when it's off.

Test script:
---------------
$pdo = new PDO($dns, $username, $password);
$statement = $pdo->prepare("SELECT table.* FROM table table WHERE (column ILIKE :db_condition_placeholder_0 ESCAPE " . $pdo->quote("\\") . ") AND (column ILIKE :db_condition_placeholder_1 ESCAPE " . $pdo->quote("\\") . ");");
$statement->execute(array(':db_condition_placeholder_0' => 'test', ':db_condition_placeholder_1' => 'test'));

Expected result:
----------------
No errors and query executed:

Actual result:
--------------
Error produced: Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid 
parameter number: :db_condition_placeholder_1 in

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-09-12 16:45 UTC] iliaa@php.net

-Status: Open +Status: Bogus

[2011-09-12 16:45 UTC] iliaa@php.net

Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

The issue is not with PHP but rather PostgreSQL's PQescapeStringConn function 
which is what PHP uses to escape to implement quote(). This function does not 
appear to be aware of the standard_conforming_strings setting and continues to use 
\ where '' should be used.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun May 19 18:01:33 2024 UTC