Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:109049 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 96354 invoked from network); 16 Mar 2020 11:01:03 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 16 Mar 2020 11:01:03 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id CAA181804E6 for ; Mon, 16 Mar 2020 02:23:23 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS8560 212.227.0.0/16 X-Spam-Virus: No X-Envelope-From: Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Mon, 16 Mar 2020 02:23:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1584350601; bh=6W5zo9ma9LbxBvS+w4TXBoL5L8qnJzztPDDvlmzCi40=; h=X-UI-Sender-Class:To:From:Subject:Date; b=h0x9Ua/0n9abxX3Ug2N9aOQFp+a+9H+NW2+yDxDlXknb26oS5z7HT6wtB4b4NkmiK jGDZt/Nl3herU3QIx2mhEX64j3QtNPvjoe3Np23dpxqo8BzqtA7Eg7UddNOqpzkCZi 83Y3YudAQytGt/6SA6rKVBA9ivDje+ZjCeTUWVyI= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Received: from [192.168.2.130] ([79.222.41.175]) by mail.gmx.com (mrgmx105 [212.227.17.168]) with ESMTPSA (Nemesis) id 1N0XD2-1jYkjV1kH6-00wWOA for ; Mon, 16 Mar 2020 10:23:21 +0100 To: PHP internals Message-ID: <7b073954-74ea-7877-97dc-dbf87d4f3e8a@gmx.de> Date: Mon, 16 Mar 2020 10:23:21 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: de-DE Content-Transfer-Encoding: quoted-printable X-Provags-ID: V03:K1:Yvx/3ji49v0eT/0TWGpSh90ekue2bWryuYxLIqrSiIdCSSM0QXi +gDR8B5h89vxHzfy2e5ZITYZ7y0fMKKEXtDj5BpaYLPyOeN3LJNuItN9gkJwTAQKKFuaxrx mZt7F+Ijall0lpiitQ5Xc9GuZqk4yVYtszErF8Ar2KGHMYob3Omlre1hU0kgJADxbyzogUi 6uWskuuC1LEh/XBU/rsbw== X-UI-Out-Filterresults: notjunk:1;V03:K0:nC6NL2kX85o=:NXdSFkKEWMk34BJm4s8n1Z G3+5Gx7iUzXCwDff4/6vVT/zO4waYqrs/Zu6q59Ghw3Gzw2+ZOTs/vf3akQoEWcvfQOIjlZCX l6NHwyA7mUJlFiGkL9L54C2Sq9CO6gjtzSv/h6ZVvXhWhus8wrNKdgALDHUiDVtF9QjPgMgle ynYe+3d+ZgPqC1Y/F4bxtYxIlmXU9kzuSBR4/87khxZevl/0Nzk2Kk1yU7QnVah8MpIAcd+CY eoeJ6U8vVry7wVk4ZODcctwhyzcAVA8sqrYo3kNSEDR9T6wW+cDIw2ffUPyR6JeLhXJEPFLGx hgQEcQTB2g/wWzgvgYtXnxl5xy0uGoCVxW8ATgGnlfMXU7/9J+Yl5lk9mW7Paqnagiof3TWyO XVtYnb0IYrjFl5nn/UE5k0h0WWCoZRZtiAelus9EuuOpoXD5Se0ASuj7aj+TpMLd0gRdlswBZ Nn8ct/4bLPLxybXZee7xb9BNBj/nBH6UY6iqXjh+r3kHV7LtRqoUozteKuVXuiQvIOmv0sdrp a1NC7sUFlFDow3gQ44jgqdCAnaauwqQZWzluT1yzV9qPJgEwNvBCy42bhiECh3SXg+OJ1DcN1 Gxl0EgUUQS+qoVfxOZhK2q5/1ZLrp2cvg8xBDWUwfbVFQ88sAkTRoU446OSiyH+SCaGhFQN06 0QwnVC6SPfiMK4Te9wBG6t4xq8lBx9HaMpFYL9eZ1TzdK0vXpF4gCTysJXlA/JhfScmoCLBYD nMcUzcB9eS37o9SZ24pe//yS5+GeZQth9rDivweUEWmWsO0x7hjNom6e4dNX7c4LCUYS4UcYc xVMWrQO/RpDnFj+jiVbj8FlvJsNq7lScdqgWejR49BSGj/wFT6q0TqWFPAawoYCzQ3K6nzcVX E0HnhoaH/yEqdwNPuguQriNPXH7sWtBaR6EtWe1olYy3utbH3Ok+oZ7H5mThiFADip50h4Qj3 hlBXrNS87THzz9dgWAyOcuZIfARuBEQ/R1C2yZcSmrF0DIPEUGRCSbZ1VAG4yTBqspEuyspcM Mc6hpPaHc4eHBfdekuyaXXUeIpuifS7qH64XUn3ZVeGyfAHi9O8jtBXsyHQxbtxDqCLX2obDb ib4jGwNk8efpyX4jscQ5nRcK3wsBy0pYaVTw+YSJJjSnnFQMmpJ+S7c5P8DQ70oU2H04KfqMn vB3ZTo0zTRG85hvzYAY1FKB3PCzXhDTlhZG655gCb4y6FSoskS5rK2TwfvwUedlC/Z8TNA0sH U0lnrJ+GC6cDtQva6 Subject: PDO parser: drop support for backslash escapes From: cmbecker69@gmx.de ("Christoph M. Becker") Hi all, as it is now (for a long time), the PDO parser supports the proprietary backslash escapes for (double-)quotes in SQL string literals (the standard way to escape quootes in SQL strings is to double them). This causes string terminating quotes to be not recognized as such whenever they are immediately preceeded by a backslash. This has been reported as bug #79276[1], which shows a perfectly valid SQL query, which is not parsed correctly by the PDO parser. Another example which does currently not work as expected is part of the accompanying pull request[2]= . Since I have not received much feedback on this so far, I'm bringing it up on the list: I think we should completely drop support for backslash escapes in the PDO parser as of PHP 8. If it was possible to support these without breaking other standard conforming SQL queries, it would be nice to keep it, but that doesn't seem to be possible. Thoughts? [1] [2] =2D- Christoph M. Becker