#31237 [NEW]: mysql_real_escape_string incorrectly escapes string

Tue, 21 Dec 2004 17:59:25 -0800 

From:             amcclimo at chariot dot net dot au
Operating system: OSX
PHP version:      5.0.1
PHP Bug Type:     MySQL related
Bug description:  mysql_real_escape_string incorrectly escapes string

Description:
------------
mysql_real_escape_string incorrectly escapes string such as:

  <span style="color: #000000;">

The last double quote isn't properly escaped, the escape character is
added, but the double quote is dropped:

  <span style=\"color: #000000;\>

The reason for it failing to quote this is the space between the : and the
# ... if you remove the space, the correct escaped string is returned:

  <span style=\"color: #000000;\">



Reproduce code:
---------------
<?
$link = mysql_connect($server, $user, $pass);

$item = '<span style="color: #000000;">';
$escaped = mysql_real_escape_string($item);
print "<pre>\n";
print "String : ".$item."\n";
print "Escaped: ".$escaped."\n";
print "</pre>";
?>


Expected result:
----------------
The expected escaped string is:

  <span style=\"color: #000000;\">

Actual result:
--------------
The actual escaped string is:

  <span style=\"color: #000000;\>

-- 
Edit bug report at http://bugs.php.net/?id=31237&edit=1
-- 
Try a CVS snapshot (php4):   http://bugs.php.net/fix.php?id=31237&r=trysnapshot4
Try a CVS snapshot (php5.0): 
http://bugs.php.net/fix.php?id=31237&r=trysnapshot50
Try a CVS snapshot (php5.1): 
http://bugs.php.net/fix.php?id=31237&r=trysnapshot51
Fixed in CVS:                http://bugs.php.net/fix.php?id=31237&r=fixedcvs
Fixed in release:            http://bugs.php.net/fix.php?id=31237&r=alreadyfixed
Need backtrace:              http://bugs.php.net/fix.php?id=31237&r=needtrace
Need Reproduce Script:       http://bugs.php.net/fix.php?id=31237&r=needscript
Try newer version:           http://bugs.php.net/fix.php?id=31237&r=oldversion
Not developer issue:         http://bugs.php.net/fix.php?id=31237&r=support
Expected behavior:           http://bugs.php.net/fix.php?id=31237&r=notwrong
Not enough info:             
http://bugs.php.net/fix.php?id=31237&r=notenoughinfo
Submitted twice:             
http://bugs.php.net/fix.php?id=31237&r=submittedtwice
register_globals:            http://bugs.php.net/fix.php?id=31237&r=globals
PHP 3 support discontinued:  http://bugs.php.net/fix.php?id=31237&r=php3
Daylight Savings:            http://bugs.php.net/fix.php?id=31237&r=dst
IIS Stability:               http://bugs.php.net/fix.php?id=31237&r=isapi
Install GNU Sed:             http://bugs.php.net/fix.php?id=31237&r=gnused
Floating point limitations:  http://bugs.php.net/fix.php?id=31237&r=float
No Zend Extensions:          http://bugs.php.net/fix.php?id=31237&r=nozend
MySQL Configuration Error:   http://bugs.php.net/fix.php?id=31237&r=mysqlcfg

Reply via email to