FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » store backslash in mysql database
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: store backslash in mysql database [message #170730 is a reply to message #170729] Wed, 17 November 2010 11:28 Go to previous messageGo to previous message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
Senior Member
On 11/17/2010 5:53 AM, Helmut Chang wrote:
> Am 14.11.2010 20:08, schrieb Jerry Stuckle:
>> On 11/13/2010 3:41 AM, Helmut Chang wrote:
>>> Am 13.11.2010 04:28, schrieb Jerry Stuckle:
>
> That's, what you wrote:
>
>>>> mysql_real_escape_string() won't change backslashes.
>
> That's, what the manual says:
>
>>> | mysql_real_escape_string() calls MySQL's library function
>>> | mysql_real_escape_string, which prepends backslashes to the following
>>> | characters: \x00, \n, \r, \, ', " and \x1a.
>
> So the function escapes a backslash.
>

A single backslash, I agreed. But not all escaped characters.

>> You're correct on the specific case of "\n" and I am incorrect. However,
>> please read more closely. It does NOT handle every other instance of a
>> backslash - it doesn't, for instance, handle \t or \b, both of which are
>> valid control characters. In fact, it only handles 5 specific cases.
>
> Sorry, here you confuse the *string* "\t" with the *Tab*-Character,
> which can be expressed in PHP by writing:
>
> $data = "A\tB";
>
> This string internally contains no backslash. It contains three
> characters. You wrote:
>
> | mysql_real_escape_string() won't change backslashes. It has no way
> | to know if, for instance, "\n" is a newline character or a backslash |
> and an n.
>
> And I wrote, that it does. And it's irrelevant, that
> mysql_real_escape_string() does not escape a tab-character, because
> there's no need to. But it must escape a backslash-character, because
> mysql itself treats a backslash also as an escaping character:
>
> INSERT INTO foo (bar) VALUES 'A\tB';
> INSERT INTO foo (bar) VALUES 'A B';
>
> are equivalent.
>
> But if you want to insert a string "\t", the backslash must be escaped:
>
> INSERT INTO foo (bar) VALUES 'A\\tB';
>
> Here's a script:
>
> <?php
> $string1 = "A B";
> $string2 = "A\tB";
> $string3 = 'A\tB';
>
> var_dump($string1);
> var_dump($string2);
> var_dump($string3);
>
> $conn = mysql_connect('localhost', 'root', 'xxx');
>
> $escapedString1 = mysql_real_escape_string($string1, $conn);
> $escapedString2 = mysql_real_escape_string($string2, $conn);
> $escapedString3 = mysql_real_escape_string($string3, $conn);
>
> var_dump($escapedString1);
> var_dump($escapedString2);
> var_dump($escapedString3);
>
> mysql_select_db('test');
>
> $query = "INSERT INTO CharTest (CharColumn) VALUES ('%s')";
>
> mysql_query(sprintf($query, $escapedString1));
> mysql_query(sprintf($query, $escapedString2));
> mysql_query(sprintf($query, $escapedString3));
>
> $result = mysql_query('SELECT CharColumn FROM CharTest');
> while ($row = mysql_fetch_assoc($result))
> var_dump($row['CharColumn']);
>
> mysql_free_result($result);
> mysql_close($conn);
> ?>
>
>

I'm not confusing anything. You're making the assumption that the
string was created in PHP. I am not - I've seen before what happens
when a string incorrectly created by an extension caused problems in PHP.

There is NO indication that the encryption routine was written in PHP or
some other language; if it was another language, there can be other
problems which mysql_real_escape_string() cannot fix - because it is
depending on the string being created correctly in PHP.

And BTW - I figured out the difference between a tab character and the
string backslash-t about 25 years ago, when I was working with C.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: website url as input how to create and save image on server in php?
Next Topic: Cannot write utf8 data into a utf8 column
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Tue Nov 26 01:26:43 GMT 2024

Total time taken to generate the page: 0.04512 seconds