[PHP-BUG] Bug #60765 [NEW]: mysqli_real_escape_string not work while use mysqlnd

Sun, 15 Jan 2012 21:51:07 -0800 

From:             
Operating system: ubuntu 10
PHP version:      5.3.9
Package:          MySQLi related
Bug Type:         Bug
Bug description:mysqli_real_escape_string not work while use mysqlnd

Description:
------------
some Multibyte word contain \ ASCII code didn't been escaped.

Test script:
---------------
$link=mysqli_connect(............);
$var="海賊";
$var=mysqli_real_escape_string($link,$var);
mysqli_query($link,"INSERT INTO table SET manga_name='$var'");
///////////////////////////////////////////////////


Expected result:
----------------
sql injection

Actual result:
--------------
it is dangerous.
my reply table has been update to all one word because this..

-- 
Edit bug report at https://bugs.php.net/bug.php?id=60765&edit=1
-- 
Try a snapshot (PHP 5.4):            
https://bugs.php.net/fix.php?id=60765&r=trysnapshot54
Try a snapshot (PHP 5.3):            
https://bugs.php.net/fix.php?id=60765&r=trysnapshot53
Try a snapshot (trunk):              
https://bugs.php.net/fix.php?id=60765&r=trysnapshottrunk
Fixed in SVN:                        
https://bugs.php.net/fix.php?id=60765&r=fixed
Fixed in SVN and need be documented: 
https://bugs.php.net/fix.php?id=60765&r=needdocs
Fixed in release:                    
https://bugs.php.net/fix.php?id=60765&r=alreadyfixed
Need backtrace:                      
https://bugs.php.net/fix.php?id=60765&r=needtrace
Need Reproduce Script:               
https://bugs.php.net/fix.php?id=60765&r=needscript
Try newer version:                   
https://bugs.php.net/fix.php?id=60765&r=oldversion
Not developer issue:                 
https://bugs.php.net/fix.php?id=60765&r=support
Expected behavior:                   
https://bugs.php.net/fix.php?id=60765&r=notwrong
Not enough info:                     
https://bugs.php.net/fix.php?id=60765&r=notenoughinfo
Submitted twice:                     
https://bugs.php.net/fix.php?id=60765&r=submittedtwice
register_globals:                    
https://bugs.php.net/fix.php?id=60765&r=globals
PHP 4 support discontinued:          
https://bugs.php.net/fix.php?id=60765&r=php4
Daylight Savings:                    https://bugs.php.net/fix.php?id=60765&r=dst
IIS Stability:                       
https://bugs.php.net/fix.php?id=60765&r=isapi
Install GNU Sed:                     
https://bugs.php.net/fix.php?id=60765&r=gnused
Floating point limitations:          
https://bugs.php.net/fix.php?id=60765&r=float
No Zend Extensions:                  
https://bugs.php.net/fix.php?id=60765&r=nozend
MySQL Configuration Error:           
https://bugs.php.net/fix.php?id=60765&r=mysqlcfg

Reply via email to