Weird problem with mysql_real_escape_string and preg_replace

fancy_noodles1 · November 3, 2006

Hello, can anybody tell me why preg_replace removes the escaping done by mysql_real_escape_string, but str_replace does not. I have provided some example code below:

[code]
mysql_connect('localhost', 'root', '') or die(mysql_error());

// set up query
$string = 'SELECT * FROM pages WHERE page_id = :id';

// set up parameters
$pattern = ':id';
$replacement = '\\';

// escape
$replacement = mysql_real_escape_string($replacement);

echo preg_replace('/'.preg_quote($pattern).'/', $replacement, $string); // removes escaping done by mysql_real_escape_string?
echo '<br>';
echo str_replace($pattern, $replacement, $string); // correctly escaped
[/code]

The output is:
SELECT * FROM pages WHERE page_id = \
SELECT * FROM pages WHERE page_id = \\

Thanks for any help!

effigy · November 3, 2006

I think [url=http://us2.php.net/manual/en/function.preg-replace.php#37077]this[/url] explains it. The regex will work if you preg_quote the replacement.

fancy_noodles1 · November 3, 2006

Thanks!

Sign In

Weird problem with mysql_real_escape_string and preg_replace

Recommended Posts

fancy_noodles1

Link to comment

Share on other sites

effigy

Link to comment

Share on other sites

fancy_noodles1

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information