From b37762aa55bb7b63e29c1ac067bcdeb6092e2802 Mon Sep 17 00:00:00 2001 From: Christoph Michael Becker Date: Thu, 20 Feb 2020 08:22:39 +0000 Subject: [PATCH] Note that PDO parser supports backslash escapes Cf. bug #79276. git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@349240 c90b9560-bf6c-de11-be94-00142212c4b1 --- reference/pdo/pdo/prepare.xml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/reference/pdo/pdo/prepare.xml b/reference/pdo/pdo/prepare.xml index a41f137dc1..1803ffa647 100644 --- a/reference/pdo/pdo/prepare.xml +++ b/reference/pdo/pdo/prepare.xml @@ -54,6 +54,18 @@ style parameter markers to something more appropriate, if the driver supports one style but not the other. + + + As of PHP 5.3.0, the parser used for emulated prepared statements and for + rewriting named or question mark style parameters supports the non standard + backslash escapes for single- and double quotes. That means that terminating + quotes immediately preceeded by a backslash are not recognized as such, which + may result in wrong detection of parameters causing the prepared statement to + fail when it is executed. A work-around is to not use emulated prepares for + such SQL queries, and to avoid rewriting of parameters by using a parameter style + which is natively supported by the driver. + + &reftitle.parameters;