Bug #54437 [Com]: mysql_real_escape_string don't escape: \x00, \n, \r and \x1a

[jose dot nobile at gmail dot com]

Edit report at http://bugs.php.net/bug.php?id=54437&edit=1

 ID:                 54437
 Comment by:         jose dot nobile at gmail dot com
 Reported by:        jose dot nobile at gmail dot com
 Summary:            mysql_real_escape_string don't escape: \x00, \n, \r
                     and \x1a
 Status:             Bogus
 Type:               Bug
 Package:            MySQL related
 Operating System:   Any
 PHP Version:        5.3.6
 Block user comment: N
 Private report:     N

 New Comment:

Can you explain, why this function is not working as is documented?



And, What is the correct function, to espace binary data with chars "\r"
than to 

have to escape before to send to mysql?


Previous Comments:
------------------------------------------------------------------------
[2011-04-01 07:52:24] dtajchre...@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php



------------------------------------------------------------------------
[2011-03-31 22:54:17] jose dot nobile at gmail dot com

Description:
------------
mysql_real_escape_string don't escape: \x00, \n, \r and \x1a as is
mentioned in 

documentation:



http://co.php.net/manual/es/function.mysql-real-escape-string.php



and \r in a quote string in a insert into query, is a syntax error, I'm
handling 

binary data (PDF Files).



Tested on Windows XP SP3 with PHP builds from PHP, and Centos 5.5 with
personal 

configure, both using PHP 5.3.6 and in Windows, MySQL Server version is
5.5.8-log 

and Centos is 5.0.77-log





Client API version      mysqlnd 5.0.8-dev - 20102224 - $Revision: 308673 $

Test script:
---------------
$link = @mysql_pconnect("localhost","root","");

if (!$link)

{

        die('Not connected : ' . mysql_error());

}

echo "\\x00, \\n, \\r, \\, ', \" and \\x1a.";

echo "<br />\r\n";

print mysql_escape_string("\x00, \n, \r, \, ', \" and \x1a.");

Expected result:
----------------
\x00, \n, \r, \, ', " and \x1a.



\\x00, \\n, \\r, \\, \', \" and \\x1a.

Actual result:
--------------
\x00, \n, \r, \, ', " and \x1a.



\0, \n, \r, \\, \', \" and \Z.


------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=54437&edit=1