Edit report at http://pear.php.net/bugs/bug.php?id=16405&edit=1

ID: 16405
Updated by: holger.schletz@web.de
Reported By: holger dot schletz at web dot de
Summary: Compatibility issues with escaped strings
-Status: Open
+Status: Closed
Type: Bug
Package: MDB2_Driver_pgsql
Package Version: 1.5.0b2
PHP Version: Irrelevant
-Assigned To:
+Assigned To: hschletz
Roadmap Versions:
New Comment:

-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: hschletz

Previous Comments:

[2009-07-05 17:32:22] hschletz

The following patch has been added/updated:

Patch Name: enforce_escapes_in_normal_quotes
Revision: 1246811541


[2009-07-05 17:31:01] hschletz

PostgreSQL 8.2 introduced a new behavior regarding escape sequences in
string literals. A special quoting method (E'...', introduced in 8.1)
should be used instead of normal quotes. Starting with 8.2, the behavior
of normal quotes is controlled by the new "standard_conforming_strings"
setting. It currently (as of 8.4) defaults to "off" (which may change
with future releases), keeping the old behavior of interpreting escape
sequences, and a warning is logged (controlled by the
"escape_string_warning" setting). When set to "on", escape sequences are
ignored: '\n' would literally become a backslash and the letter 'n'
instead of a newline character.

for more information.

MDB2's quote() method (and also execute(), which makes use of quote())
does not take this into account. Now we are at the mercy of the
standard_conforming_strings setting, which may be controlled by the
server's default, the server administrator and the application itself.

Making quote() return escape-style quotes (which also work if the
string does not contain escape sequences) would be easy, but this would
not solve all problems:

- Strings that are not quoted using quote() would not be affected.
Recommended or not, we can't prevent applications from doing things like
$result = $db->query ("SELECT foo FROM bar where foo='a\\\\b'");
- The string_quoting['start'] property should be set to "E'" which
would break _skipDelimitedStrings() if the query contains a placeholder
within normal quotes (which would habe been introduced manually, like in
the example above). This problem could be worked around, but in an ugly
- Applications that use the result of quote() beyond its purpose and do
some funny stuff with it (like stripping the quotes) might break.

For best compatibility, I think it's better to set
standard_conforming_strings to "off" (and to disable the warning) for
servers >= 8.2. The attached patch does this upon connection. The
application might change this setting afterwards, but that must be done
explicitly by someone who probably knows what he's doing.


Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 1 of 1 | next ›
Discussion Overview
grouppear-bugs @
postedAug 2, '09 at 8:44a
activeAug 2, '09 at 8:44a

1 user in discussion

Holger Schletz: 1 post



site design / logo © 2022 Grokbase