#34837 [NEW]: sqlite_escape_string() fails to escape double quotes correctly

Wed, 12 Oct 2005 03:29:07 -0700 

From:             veter at oxarchdigital dot com
Operating system: Win32
PHP version:      5.1.0RC1
PHP Bug Type:     SQLite related
Bug description:  sqlite_escape_string() fails to escape double quotes correctly

Description:
------------
sqlite_escape_string() replaces single quotes fine (' becomes ''), whilst
it fails to replace double quotes, which are still used in some odd SQL
code, and which are confusing SQLite. Should there be another optional
parameter selecting which quotes to escape?

Reproduce code:
---------------
$sValue = sqlite_escape_string('This string contains "double quotes"');
// Note " not ' used in this SQL statement!
$sQuery = 'INSERT INTO testtab(testfld) VALUES("' . $sValue . '")';
sqlite_query($linkID, $sQuery);

Expected result:
----------------
Successful INSERT operation

Actual result:
--------------
SQL failure


-- 
Edit bug report at http://bugs.php.net/?id=34837&edit=1
-- 
Try a CVS snapshot (php4):   http://bugs.php.net/fix.php?id=34837&r=trysnapshot4
Try a CVS snapshot (php5.0): 
http://bugs.php.net/fix.php?id=34837&r=trysnapshot50
Try a CVS snapshot (php5.1): 
http://bugs.php.net/fix.php?id=34837&r=trysnapshot51
Fixed in CVS:                http://bugs.php.net/fix.php?id=34837&r=fixedcvs
Fixed in release:            http://bugs.php.net/fix.php?id=34837&r=alreadyfixed
Need backtrace:              http://bugs.php.net/fix.php?id=34837&r=needtrace
Need Reproduce Script:       http://bugs.php.net/fix.php?id=34837&r=needscript
Try newer version:           http://bugs.php.net/fix.php?id=34837&r=oldversion
Not developer issue:         http://bugs.php.net/fix.php?id=34837&r=support
Expected behavior:           http://bugs.php.net/fix.php?id=34837&r=notwrong
Not enough info:             
http://bugs.php.net/fix.php?id=34837&r=notenoughinfo
Submitted twice:             
http://bugs.php.net/fix.php?id=34837&r=submittedtwice
register_globals:            http://bugs.php.net/fix.php?id=34837&r=globals
PHP 3 support discontinued:  http://bugs.php.net/fix.php?id=34837&r=php3
Daylight Savings:            http://bugs.php.net/fix.php?id=34837&r=dst
IIS Stability:               http://bugs.php.net/fix.php?id=34837&r=isapi
Install GNU Sed:             http://bugs.php.net/fix.php?id=34837&r=gnused
Floating point limitations:  http://bugs.php.net/fix.php?id=34837&r=float
No Zend Extensions:          http://bugs.php.net/fix.php?id=34837&r=nozend
MySQL Configuration Error:   http://bugs.php.net/fix.php?id=34837&r=mysqlcfg

Reply via email to