>> The query Zend generates looks right to me. What makes you think it
>> should be producing something with groups of four slashes?
>
> it might look right to you, but is definitely wrong, as you can see in the Note in the MySQL Reference Manual
> under:
> http://dev.mysql.com/doc/refman/5.5/en/string-comparison-functions.html
>
> It's what it says, that makes me think it should be producing something with groups of four slashes:
Your original post neglected to mention the DB you were using.
I am not sure it makes sense for Zend DB to try and meet your
requirements there.
The escaping the Zend DB is responsible for is that required to ensure
data gets through properly in the general case without SQL injection,
not format strings to the requirements of specific functions.
I'm not sure it can reasonably be expected to do what your ask because
I don't think it is in a position to guess the users intent.
For example think it would be perfectly reasonable for someone to do
something like:
$match='\t'
$this->fetchAll(
$this->select()->where('string LIKE ?', $match));
if they wanted to match on a tab.
Thus I think it makes sense for the user to ensure the $match is
appropriately formatted as a pattern the LIKE function understands
while allowing Zend DB to take care of the second (or first) iteration
of escaping.
Paul
>
> Because MySQL uses C escape syntax in strings (for example, "\n" to represent a newline character), you must double any "\" that you
> use in LIKE strings. For example, to search for "\n", specify it as "\\n". To search for "\", specify it as "\\\\"; this is because
> the backslashes are stripped once by the parser and again when the pattern match is made, leaving a single backslash to be matched
> against.
>
> So there it is:
> To search for "\", specify it as "\\\\";
>
>
>> What does the data actually look like when you select it out of the
>> DB? It should have only one slash (without you needing to do
>> stripslashes).
>
> Of course it is coming out of the db like:
> C:\some\path\with\backslahes
>
> Regards
> Viktor
>
>
>
>> -----Original Message-----
>> From: Paul McGarry [mailto:paul@paulmcgarry.com]
>> Sent: Wednesday, December 29, 2010 10:24 PM
>> To: info@intelligibel.de
>> Cc: fw-mvc@lists.zend.com
>> Subject: Re: [fw-mvc] Zend_Db quote backslashes issue
>>
>> On Thu, Dec 30, 2010 at 2:27 AM, Viktor Grandgeorg
>> <info@intelligibel.de> wrote:
>> > Hello,
>> >
>> > it seems that Zend_Db does not escape backslashes right -
>> or I'm doing something wrong:
>> >
>> > in my db table "dir" I have a column named "path" with the
>> folowing entry:
>> >
>> > C:\some\path\with\backslahes
>> >
>> > In my DbTable class I'm doing something like:
>> >
>> > $path = "C:\some\path\with\backslahes"; // in reality the
>> value comes from a config.ini
>> > $this->fetchAll(
>> > $this->select()->where('path LIKE ?', $path));
>> >
>> > Now Zend_Db generates the following query:
>> >
>> > SELECT `dir`.* FROM `dir` WHERE (path LIKE
>> 'C:\\some\\path\\with\\backslahes')
>> >
>> > This is wrong and the corresponding row never gets matched.
>> > It must be the following SQL query to match the right row(s):
>> >
>> > SELECT `dir`.* FROM `dir` WHERE (path LIKE
>> 'C:\\\\some\\\\path\\\\with\\\\backslahes')
>> >
>> > Can somebody confirm this issue?
>>
>> The query Zend generates looks right to me. What makes you think it
>> should be producing something with groups of four slashes?
>>
>> What does the data actually look like when you select it out of the
>> DB? It should have only one slash (without you needing to do
>> stripslashes).
>> If it is coming out of the db like:
>> C:\\some\\path\\with\\backslahes
>> then it has been escaped too many times when you inserted it.
>>
>>
>> Paul
>>
>
>
没有评论:
发表评论