Edit report at http://bugs.php.net/bug.php?id=51486&edit=1
ID: 51486
User updated by: 82508 at qq dot com
Reported by: 82508 at qq dot com
Summary: preg_replace bug
Status: Bogus
Type: Bug
Package: *General Issues
Operating System: windows
PHP Version: 5.2.13
New Comment:
preg_replace bug
and
Zend_Db_Statement
->_stripQuoted
bug:
protected function _stripQuoted($sql)
{
// get the character for delimited id quotes,
// this is usually " but in MySQL is `
$d = $this->_adapter->quoteIdentifier('a');
$d = $d[0];
// get the value used as an escaped delimited id quote,
// e.g. \" or "" or \`
$de = $this->_adapter->quoteIdentifier($d);
$de = substr($de, 1, 2);
$de = str_replace('\\', '\\\\', $de);
// get the character for value quoting
// this should be '
$q = $this->_adapter->quote('a');
$q = $q[0];
// get the value used as an escaped quote,
// e.g. \' or ''
$qe = $this->_adapter->quote($q);
$qe = substr($qe, 1, 2);
$qe = str_replace('\\', '\\\\', $qe);
// get a version of the SQL statement with all quoted
// values and delimited identifiers stripped out
// remove "foo\"bar"
//echo $sql;exit;
$sql = preg_replace("/$q($qe|\\\\{2}|[^$q])*$q/", '', $sql);
// remove 'foo\'bar'
if (!empty($q)) {
$sql = preg_replace("/$q($qe|[^$q])*$q/", '', $sql);
}
return $sql;
}
Previous Comments:
------------------------------------------------------------------------
[2010-04-07 02:26:10] [email protected]
.
------------------------------------------------------------------------
[2010-04-06 10:42:58] 82508 at qq dot com
Description:
------------
<?php
echo"bug.........bug";
$sql="SELECT * FROM su_gamesdb WHERE manufacturers=
'sdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdsdfasdfasdfdfsdfsdfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsddfadfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdfsdfsdfasdfasdfdf'";
$q="'";
$qe="\\'";
echo "/$q($qe|\\\\{2}|[^$q])*$q/";
$sql = preg_replace("/$q($qe|\\\\{2}|[^$q])*$q/", '', $sql);
exit;
?>
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=51486&edit=1
