While using pg_escape_string to clean data being placed in a query sent to me by the user i get
the following error after submitting the query with pg_execute:
pg_exec(): Query failed: ERROR: invalid regular expression: invalid escape \ sequence .
It seems to happen when using just a "\" or text ending with a "\" but not if a "\" is in the
middle of a string of text.
Why doesn't pg_escape_string catch this?
To restate it maybe a little more clearly, the error occurs when i do something like:
(Pretend $_POST['user_item'] has the value "car\" in it )
<?PHP
$user_item = pg_escape_string($_POST['user_item']);
$dbconn = pg_connect('some connection string that works');
$query = "SELECT * FROM some_table WHERE some_col = '$user_item' ";
$result = pg_execute($dbconn,$query);
?>
I'm running PHP Version 4.3.4, and Apache 1.3.29.
-k.
__________________________________
Yahoo! FareChase: Search multiple travel sites in one click.
http://farechase.yahoo.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
