Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.5.0b4

Bug #16405 Compatibility issues with escaped strings
Submitted: 2009-07-05 21:31 UTC
From: hschletz Assigned: hschletz
Status: Closed Package: MDB2_Driver_pgsql (version 1.5.0b2)
PHP Version: Irrelevant OS:
Roadmaps: (Not assigned)    

 [2009-07-05 21:31 UTC] hschletz (Holger Schletz)
Description: ------------ PostgreSQL 8.2 introduced a new behavior regarding escape sequences in string literals. A special quoting method (E'...', introduced in 8.1) should be used instead of normal quotes. Starting with 8.2, the behavior of normal quotes is controlled by the new "standard_conforming_strings" setting. It currently (as of 8.4) defaults to "off" (which may change with future releases), keeping the old behavior of interpreting escape sequences, and a warning is logged (controlled by the "escape_string_warning" setting). When set to "on", escape sequences are ignored: '\n' would literally become a backslash and the letter 'n' instead of a newline character. See for more information. MDB2's quote() method (and also execute(), which makes use of quote()) does not take this into account. Now we are at the mercy of the standard_conforming_strings setting, which may be controlled by the server's default, the server administrator and the application itself. Making quote() return escape-style quotes (which also work if the string does not contain escape sequences) would be easy, but this would not solve all problems: - Strings that are not quoted using quote() would not be affected. Recommended or not, we can't prevent applications from doing things like this: $result = $db->query ("SELECT foo FROM bar where foo='a\\\\b'"); - The string_quoting['start'] property should be set to "E'" which would break _skipDelimitedStrings() if the query contains a placeholder within normal quotes (which would habe been introduced manually, like in the example above). This problem could be worked around, but in an ugly fashion... - Applications that use the result of quote() beyond its purpose and do some funny stuff with it (like stripping the quotes) might break. For best compatibility, I think it's better to set standard_conforming_strings to "off" (and to disable the warning) for servers >= 8.2. The attached patch does this upon connection. The application might change this setting afterwards, but that must be done explicitly by someone who probably knows what he's doing.


 [2009-07-05 21:32 UTC] hschletz (Holger Schletz)
The following patch has been added/updated: Patch Name: enforce_escapes_in_normal_quotes Revision: 1246811541 URL:
 [2009-08-02 14:41 UTC] hschletz (Holger Schletz)
-Status: Open +Status: Closed -Assigned To: +Assigned To: hschletz