Edit report at http://bugs.php.net/bug.php?id=54437&edit=1
ID: 54437
Updated by: dtajchre...@php.net
Reported by: jose dot nobile at gmail dot com
Summary: mysql_real_escape_string don't escape: \x00, \n, \r
and \x1a
-Status: Open
+Status: Bogus
Type: Bug
Package: MySQL related
Operating System: Any
PHP Version: 5.3.6
Block user comment: N
Private report: N
New Comment:
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php
Previous Comments:
------------------------------------------------------------------------
[2011-03-31 22:54:17] jose dot nobile at gmail dot com
Description:
------------
mysql_real_escape_string don't escape: \x00, \n, \r and \x1a as is
mentioned in
documentation:
http://co.php.net/manual/es/function.mysql-real-escape-string.php
and \r in a quote string in a insert into query, is a syntax error, I'm
handling
binary data (PDF Files).
Tested on Windows XP SP3 with PHP builds from PHP, and Centos 5.5 with
personal
configure, both using PHP 5.3.6 and in Windows, MySQL Server version is
5.5.8-log
and Centos is 5.0.77-log
Client API version mysqlnd 5.0.8-dev - 20102224 - $Revision: 308673 $
Test script:
---------------
$link = @mysql_pconnect("localhost","root","");
if (!$link)
{
die('Not connected : ' . mysql_error());
}
echo "\\x00, \\n, \\r, \\, ', \" and \\x1a.";
echo "<br />\r\n";
print mysql_escape_string("\x00, \n, \r, \, ', \" and \x1a.");
Expected result:
----------------
\x00, \n, \r, \, ', " and \x1a.
\\x00, \\n, \\r, \\, \', \" and \\x1a.
Actual result:
--------------
\x00, \n, \r, \, ', " and \x1a.
\0, \n, \r, \\, \', \" and \Z.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=54437&edit=1
