php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #65053 "\'" interpreted as "\'" instead of just '
Submitted: 2013-06-17 22:26 UTC Modified: 2013-06-17 22:31 UTC
From: d_sandlin at email dot com Assigned:
Status: Not a bug Package: MySQL related
PHP Version: 5.4.16 OS: Windows 8
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: d_sandlin at email dot com
New email:
PHP Version: OS:

 

 [2013-06-17 22:26 UTC] d_sandlin at email dot com
Description:
------------
When I enter "INSERT INTO 'members' ('webmaster', 'abcd')" directly into 
phpMyAdmin, a record is added to table members with the appropriate values.

I've tried several other variations and can't add the record with code. 
----------------
Here is my .htaccess file:

RemoveHandler .html .htm
AddType application/x-httpd-php .php .htm .html
----------------
I had to add that to get php to work within an html file.

My host is arvixe - Linux hosting

Test script:
---------------
\\(where $uname = "webmaster" and $pword = "abcd", and the $db_variables assigned
\\ This is in an included file, db_connect.php
8  $mysqli = new mysqli($host, $db_username, $db_password, $db_name);
9  if ($mysqli->connect_errno) {
10    echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " .              $mysqli->connect_error;
--------------------
} // This is where I'm having trouble: the "\'" characters aren't working as '.

22   $qtext = "INSERT INTO \'members\' (\'" . $uname . "\' , \'" . $pword . "\')";
23   echo $qtext;
24   if (!$mysqli->query($qtext)) {
25     echo "Table insertion failed: (" . $mysqli->errno . ") " . $mysqli->error;
26    }



Expected result:
----------------
I expect a record to be added to table 'members' with the following field values:

(there are only 3 fields: id int(4)(autoincrement), username varchar(65), password 
varchar(65))

id = 6 (or some number), username = "webmaster", password = "abcd"

Actual result:
--------------
This from the echo $qtext, the if(), and the SQL server:

INSERT INTO \'members\' (\'webmaster\' , \'abcd\')Table insertion failed: (1064) 
You have an error in your SQL syntax; check the manual that corresponds to your 
MySQL server version for the right syntax to use near '\'members\' (\'webmaster\' 
, \'abcd\')' at line 1

-----------------
The backslash code is not translating special characters.  "\'" should be 
interpreted as a single quote, but it isn't.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-06-17 22:31 UTC] aharvey@php.net
-Status: Open +Status: Not a bug -Package: PHP options/info functions +Package: MySQL related
 [2013-06-17 22:31 UTC] aharvey@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.


 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Wed May 18 10:05:45 2022 UTC