Edit report at http://pear.php.net/bugs/bug.php?id=17039&edit=1

ID: 17039
Comment by: jon@siliconcircus.com
Reported By: jon at siliconcircus dot com
Summary: _skipDelimitedStrings getting confused by escaped
Status: Open
Type: Bug
Package: MDB2
Operating System: Debian Sid
Package Version: CVS
PHP Version: 5.2.5
Roadmap Versions:
New Comment:

The attached patch fixes the problem for me.

Previous Comments:

[2010-01-27 18:58:59] sircus

Added #patch


[2010-01-27 18:30:16] sircus

Using prepare() on a query such as UPDATE user SET User='a\'b:+c'
results in the whole of the string after 'b' being replaced by a single
question mark.

The problem is that the MySQL driver's value for $string_quoting is an
array. The building of $ignores at the start of _skipDelimitedStrings
results in

array (
'start' => '\'',
'end' => '\'',
'escape' => '\\',
'escape_pattern' => '\\',
0 =>
array (
'start' => '`',
'end' => '`',
'escape' => '`',

foreach ($ignores as $ignore) then gets '\'' as its first value for
$ignore. This results in $ignore['escape'] being '\''. This results in
prepare only skipping as far as the first apostrophe, because it's
treated as unescaped. This results in modifyQuery() treating the colon
as a placeholder. The + then seems to result in the remainder of the
string being truncated.

Test script:
require_once 'MDB2.php';
$dbh = MDB2::connect($dsn, $db_options);
if (MDB2::isError($dbh))
$q = $dbh->prepare("UPDATE user SET User='a\'b:+c'", null,
if ($dbh->isError($q))
echo("Test passed");

Expected result:
I expect the text "Test passed"

Actual result:
_doQuery: [Error message: Could not execute statement]
[Last executed query: PREPARE
mdb2_statement_mysql_1c2b48e2af2a575aff97b07a6b431d346f59b551e FROM
'UPDATE user SET User=\'a\\\'b?']
[Native code: 1064]
[Native message: You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax to
use near ''a\'b?' at line 1]


Search Discussions

Discussion Posts

Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 1 of 3 | next ›
Discussion Overview
grouppear-bugs @
postedJan 27, '10 at 7:01p
activeJan 31, '10 at 5:28p

2 users in discussion

Jon: 2 posts L Alberton: 1 post



site design / logo © 2022 Grokbase