Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.5.0b4

Bug #16405 Compatibility issues with escaped strings
Submitted: 2009-07-05 21:31 UTC
From: hschletz Assigned: hschletz
Status: Closed Package: MDB2_Driver_pgsql (version 1.5.0b2)
PHP Version: Irrelevant OS:
Roadmaps: (Not assigned)    
Subscription  


 [2009-07-05 21:31 UTC] hschletz (Holger Schletz)
Description: ------------ PostgreSQL 8.2 introduced a new behavior regarding escape sequences in string literals. A special quoting method (E'...', introduced in 8.1) should be used instead of normal quotes. Starting with 8.2, the behavior of normal quotes is controlled by the new "standard_conforming_strings" setting. It currently (as of 8.4) defaults to "off" (which may change with future releases), keeping the old behavior of interpreting escape sequences, and a warning is logged (controlled by the "escape_string_warning" setting). When set to "on", escape sequences are ignored: '\n' would literally become a backslash and the letter 'n' instead of a newline character. See http://www.postgresql.org/docs/8.4/interactive/sql-syntax-lexical.html#SQL-SYNTAX-CONSTANTS for more information. MDB2's quote() method (and also execute(), which makes use of quote()) does not take this into account. Now we are at the mercy of the standard_conforming_strings setting, which may be controlled by the server's default, the server administrator and the application itself. Making quote() return escape-style quotes (which also work if the string does not contain escape sequences) would be easy, but this would not solve all problems: - Strings that are not quoted using quote() would not be affected. Recommended or not, we can't prevent applications from doing things like this: $result = $db->query ("SELECT foo FROM bar where foo='a\\\\b'"); - The string_quoting['start'] property should be set to "E'" which would break _skipDelimitedStrings() if the query contains a placeholder within normal quotes (which would habe been introduced manually, like in the example above). This problem could be worked around, but in an ugly fashion... - Applications that use the result of quote() beyond its purpose and do some funny stuff with it (like stripping the quotes) might break. For best compatibility, I think it's better to set standard_conforming_strings to "off" (and to disable the warning) for servers >= 8.2. The attached patch does this upon connection. The application might change this setting afterwards, but that must be done explicitly by someone who probably knows what he's doing.

Comments

 [2009-07-05 21:32 UTC] hschletz (Holger Schletz)
The following patch has been added/updated: Patch Name: enforce_escapes_in_normal_quotes Revision: 1246811541 URL: http://pear.php.net/bugs/patch-display.php?bug=16405&patch=enforce_escapes_in_normal_quotes&revision=1246811541&display=1
 [2009-08-02 14:41 UTC] hschletz (Holger Schletz)
-Status: Open +Status: Closed -Assigned To: +Assigned To: hschletz