Edit report at http://pear.php.net/bugs/bug.php?id=16118&edit=1

ID: 16118
Updated by: l.alberton@quipo.it
Reported By: eddie at omegaware dot com
Summary: MSSQL escape doesn't take into account trailing
-Status: Open
+Status: Closed
Type: Bug
Package: MDB2
Operating System: CentOS 5
Package Version: 2.4.1
PHP Version: 5.2.9
-Assigned To:
+Assigned To: quipo
Roadmap Versions:
New Comment:

-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: quipo
This bug has been fixed in SVN.

If this was a documentation problem, the fix will appear on
pear.php.net by the end of next Sunday (CET).

If this was a problem with the pear.php.net website, the change should
be live shortly.

Otherwise, the fix will appear in the package's next release.

Thank you for the report and for helping us make PEAR better.

Previous Comments:

[2009-09-27 20:51:02] urkle

It actually affects 2005 and up as well.. Most likely they just didn't
update the KB article reflecting that. But the documentation states
that's how things are escaped as well.

The testing I was doing was all done on a 2005 server with a database
IN 2005 mode (compatibility level 90)

I currently do not have a 2008 server installed, but I would assume
it's the same in 2008. Yup here is the manual entry for 2008.

which that actually states is a functionality of the sqlcmd or osql..
Meaning the backslash issue could really have to do with dblib.. so it
would affect Sybase as well. Yup seems so.. From looking through the
freetds source code it looks like a protocol of the dblib with the mssql
php extension uses.


[2009-09-27 11:13:50] quipo

What SQL Server version are you using? From the KB page you linked,
this problem is only affecting

* Microsoft SQL Server 6.5 Standard Edition
* Microsoft SQL Server 7.0 Standard Edition
* Microsoft SQL Server 2000 Standard Edition

Can you confirm this?


[2009-05-23 20:57:27] urkle

hehe.. yeah sure.. Basically SQL server does "line folding" when it
sees a backslash at the end of a line. Like what BASH does. So
basically the solution is to detect the backslash - newline sequence and
add an extra backslash in there (as one will be eaten by the line

The patch I attached uses a REGEX to check for all line ending cases
(\r\n, \r, and \n)

you can use a str_replace for speed if you ignore the \r case, which is
very unlikely to be used, and not even sure if SQL SERver even accepts


[2009-05-23 20:56:00] urkle

The following patch has been added/updated:

Patch Name: MDB2-escape.patch
Revision: 1243108560


[2009-05-23 19:28:44] doconnor

I'm dizzy reading that.

Want to write some code and attach some patches which make it clearer?


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppear-bugs @
postedOct 3, '09 at 9:45a
activeOct 3, '09 at 9:45a

1 user in discussion

L Alberton: 1 post



site design / logo © 2022 Grokbase