author | Davey Shafik <me@daveyshafik.com> | 2016-02-02 13:35:51 -0500 |
---|---|---|
committer | Davey Shafik <me@daveyshafik.com> | 2016-02-02 13:35:51 -0500 |
commit | 0beca6be082fce3e7e10d7495bd07e1f2e3f972e (patch) | |
tree | 780852f3b19ab055fb9cd12e7e09bc4204405f46 | |
parent | 3527de42a66bcc7462f86f85bb7fce57ca77b540 (diff) | |
Fix escaping not copying non-escapeable chars to the escaped string
-rw-r--r-- | lib/mysql.php | 16 | ||||
-rw-r--r-- | tests/MySqlShimTest.php | 2 |
2 files changed, 11 insertions, 7 deletions
diff --git a/lib/mysql.php b/lib/mysql.php
index c2f3aad..9fa32cb 100644
--- a/lib/mysql.php
+++ b/lib/mysql.php
@@ -688,24 +688,28 @@ namespace Dshafik {
 for ($i = 0; $i < strlen($unescapedString); $i++) {
 switch ($unescapedString{$i}) {
 case "\0":
- $esc = 0;
+ $esc = "\\0";
 break;
 case "\n":
- $esc = "n";
+ $esc = "\\n";
 break;
 case "\r":
- $esc = "r";
+ $esc = "\\r";
 break;
 case '\\':
 case '\'':
 case '"':
- $esc = $unescapedString{$i};
+ $esc = "\\{$unescapedString{$i}}";
 break;
 case "\032":
- $esc = 'Z';
+ $esc = "\\Z";
+ break;
+ default:
+ $esc = $unescapedString{$i};
 break;
 }
- $escapedString .= "\\$esc";
+
+ $escapedString .= $esc;
 }
diff --git a/tests/MySqlShimTest.php b/tests/MySqlShimTest.php
index b4ae963..097692d 100644
--- a/tests/MySqlShimTest.php
+++ b/tests/MySqlShimTest.php
@@ -656,7 +656,7 @@ class MySqlShimTest extends \PHPUnit_Framework_TestCase
 public function test_mysql_escape_string()
 {
- $this->assertEquals('\\\'\0\Z\r\n\"\\\\', @mysql_escape_string("'\0\032\r\n\"\\"));
+ $this->assertEquals('\\\'\0\Z\r\n\"\\\\safestring', @mysql_escape_string("'\0\032\r\n\"\\safestring"));
 }
 /** |
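Review bot: In the lib/mysql.php hunk the loop still escapes one byte at a time via `strlen()` and string offsets, with no knowledge of the connection character set, and nothing in the visible lines documents that. This matches the legacy `mysql_escape_string()` the shim appears to emulate, but it means the output is not a safe quoting boundary for multibyte encodings in which 0x5C can be the second byte of a character; I would add a comment above the loop such as `// Byte-wise and charset-unaware, like ext/mysql's mysql_escape_string(); prefer mysql_real_escape_string() or prepared statements for untrusted input.` Separately, the `$unescapedString{$i}` offset syntax kept on the new lines was deprecated in PHP 7.4 and removed in 8.0, where `$unescapedString[$i]` is the equivalent. The enclosing function starts and ends outside the hunk, so the initialisation of `$escapedString` and the return value are not visible here.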
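Review bot: In the tests/MySqlShimTest.php hunk the single assertion exercises the new `default:` branch only through an ASCII tail, so the empty string and bytes at 0x80 and above are not pinned. I would add `$this->assertEquals('', @mysql_escape_string(''));` (assuming `$escapedString` starts as an empty string outside the library hunk) and a pass-through case such as `$this->assertEquals("caf\xc3\xa9", @mysql_escape_string("caf\xc3\xa9"));` (constructed sample). The `@` presumably silences a deprecation notice from the shim, but it also hides any other warning the call raises, so asserting the expected notice explicitly would be safer than suppressing everything.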