ID:               34837
 Updated by:       [EMAIL PROTECTED]
 Reported By:      veter at oxarchdigital dot com
-Status:           Open
+Status:           Wont fix
 Bug Type:         SQLite related
 Operating System: Win32
 PHP Version:      5.1.0RC1
 New Comment:

sqlite_escape_string() is just a wrapper for the sqlite_mprintf("%q", string)
call.
In SQLite v2 this call doubles only single quotes, while in SQLite v3
it doubles ", ' and \.
I don't think sqlite_escape_string() will ever change, mostly for BC
reasons.
SQLite v3 is supported by pdo_sqlite.


Previous Comments:
------------------------------------------------------------------------

[2005-10-12 12:28:39] veter at oxarchdigital dot com

Description:
------------
sqlite_escape_string() replaces single quotes fine (' becomes ''),
whilst it fails to replace double quotes, which are still used in some
odd SQL code, and which are confusing SQLite. Should there be another
optional parameter selecting which quotes to escape?

Reproduce code:
---------------
$sValue = sqlite_escape_string('This string contains "double quotes"');
// Note " not ' used in this SQL statement!
$sQuery = 'INSERT INTO testtab(testfld) VALUES("' . $sValue . '")';
sqlite_query($linkID, $sQuery);

Expected result:
----------------
Successful INSERT operation

Actual result:
--------------
SQL failure



------------------------------------------------------------------------
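
The quoting mismatch in this report, shown as an added example (not code from the report or from PHP itself). It assumes the pdo_sqlite extension; escape_single_quotes() and try_exec() are hypothetical helpers, the first standing in for the single-quote doubling that the comment above attributes to sqlite_escape_string(), and the sample value is constructed.

```php
<?php
// Added example; assumes PHP 7+ with pdo_sqlite. The table mirrors the report.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE testtab(testfld TEXT)');

// Constructed sample value containing both kinds of quote.
$value = 'It\'s a string with "double quotes"';

// Hypothetical helper: doubles single quotes only, the behaviour the
// comment above describes for sqlite_escape_string() on SQLite v2.
function escape_single_quotes(string $s): string
{
    return str_replace("'", "''", $s);
}

// Hypothetical helper: runs one statement and reports whether SQLite accepted it.
function try_exec(PDO $db, string $sql): string
{
    try {
        $db->exec($sql);
        return 'ok';
    } catch (PDOException $e) {
        return 'failed: ' . $e->getMessage();
    }
}

$escaped = escape_single_quotes($value);

// 1. Literal delimited with ": the escaping does not match the delimiter,
//    so the embedded " ends the token early and the statement is rejected.
echo try_exec($db, 'INSERT INTO testtab(testfld) VALUES("' . $escaped . '")'), "\n";

// 2. Literal delimited with ': the escaping matches the delimiter.
echo try_exec($db, "INSERT INTO testtab(testfld) VALUES('" . $escaped . "')"), "\n";

// 3. Bound parameter: the value never becomes SQL text, so no escaping
//    function and no choice of quote character is involved.
$stmt = $db->prepare('INSERT INTO testtab(testfld) VALUES(?)');
$stmt->execute([$value]);

// Compare every stored row with the original value.
foreach ($db->query('SELECT testfld FROM testtab') as $row) {
    var_dump($row['testfld'] === $value);
}
```

An escaping function is only safe for the literal syntax it was written for; binding the value as a parameter removes the dependency on quote style altogether.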


-- 
Edit this bug report at http://bugs.php.net/?id=34837&edit=1
