Posted by "-k." on 10/19/38 11:31

While using pg_escape_string to clean data being placed in a query sent to me by the user i get
the following error after submitting the query with pg_execute:

pg_exec(): Query failed: ERROR: invalid regular expression: invalid escape \ sequence .

It seems to happen when using just a "\" or text ending with a "\" but not if a "\" is in the
middle of a string of text.

Why doesn't pg_escape_string catch this?

To restate it maybe a little more clearly, the error occurs when i do something like:
(Pretend $_POST['user_item'] has the value "car\" in it )
<?PHP
$user_item = pg_escape_string($_POST['user_item']);

$dbconn = pg_connect('some connection string that works');
$query = "SELECT * FROM some_table WHERE some_col = '$user_item' ";
$result = pg_execute($dbconn,$query);

?>

I'm running PHP Version 4.3.4, and Apache 1.3.29.



-k.



__________________________________
Yahoo! FareChase: Search multiple travel sites in one click.
http://farechase.yahoo.com

• Next in forum: Re: [PHP] Security Issues - Where to look?
• Prev in forum: Re: [PHP] FileExists?
• Thread view: Strange pg_escape_string behavior

[Reply to this message]