Bug #54437 [Bgs]: mysql_real_escape_string don't escape: \x00, \n, \r and \x1a

Fri, 01 Apr 2011 09:31:18 -0700 

Edit report at http://bugs.php.net/bug.php?id=54437&edit=1

 ID:                 54437
 Updated by:         dtajchre...@php.net
 Reported by:        jose dot nobile at gmail dot com
 Summary:            mysql_real_escape_string don't escape: \x00, \n, \r
                     and \x1a
 Status:             Bogus
 Type:               Bug
 Package:            MySQL related
 Operating System:   Any
 PHP Version:        5.3.6
 Block user comment: N
 Private report:     N

 New Comment:

Those are control characters. Because they've been escaped you're seeing
a text 

representation of them instead of 

the literal characters. I don't know why you would expect anything
different 

from when you manually escaped them? 



You can escape binary data with with mysql_real_escape_string or change
the 

encoding your binary data to base64 for 

example...



[1] http://en.wikipedia.org/wiki/Control_character

[2] http://en.wikipedia.org/wiki/Base64

[3] http://us2.php.net/manual/en/function.base64-encode.php


Previous Comments:
------------------------------------------------------------------------
[2011-04-01 15:36:07] jose dot nobile at gmail dot com

Can you explain, why this function is not working as is documented?



And, What is the correct function, to espace binary data with chars "\r"
than to 

have to escape before to send to mysql?

------------------------------------------------------------------------
[2011-04-01 07:52:24] dtajchre...@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php



------------------------------------------------------------------------
[2011-03-31 22:54:17] jose dot nobile at gmail dot com

Description:
------------
mysql_real_escape_string don't escape: \x00, \n, \r and \x1a as is
mentioned in 

documentation:



http://co.php.net/manual/es/function.mysql-real-escape-string.php



and \r in a quote string in a insert into query, is a syntax error, I'm
handling 

binary data (PDF Files).



Tested on Windows XP SP3 with PHP builds from PHP, and Centos 5.5 with
personal 

configure, both using PHP 5.3.6 and in Windows, MySQL Server version is
5.5.8-log 

and Centos is 5.0.77-log





Client API version      mysqlnd 5.0.8-dev - 20102224 - $Revision: 308673 $

Test script:
---------------
$link = @mysql_pconnect("localhost","root","");

if (!$link)

{

        die('Not connected : ' . mysql_error());

}

echo "\\x00, \\n, \\r, \\, ', \" and \\x1a.";

echo "<br />\r\n";

print mysql_escape_string("\x00, \n, \r, \, ', \" and \x1a.");

Expected result:
----------------
\x00, \n, \r, \, ', " and \x1a.



\\x00, \\n, \\r, \\, \', \" and \\x1a.

Actual result:
--------------
\x00, \n, \r, \, ', " and \x1a.



\0, \n, \r, \\, \', \" and \Z.


------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=54437&edit=1

Reply via email to