IBM Support

PHP db2_escape_string behavior has been changed

Question & Answer


Question

Why doesn't PHP db2_escape_string work as documentation in 1.6.4 version?

Cause

It is an expected behavior.

Answer

Here is the documentation:
db2_escape_string
http://php.net/manual/en/function.db2-escape-string.php
...
Prepends backslashes to special characters in the string argument.

Parameters

string_literal

The string that contains special characters that need to be modified.
Characters that are prepended with a backslash are \x00, \n, \r, \, ', " and \x1a.
...

It can be read as, if give a quote, will return a backslach and a quote. But did not.
Here is an unexpected behavior reproducible step.

1. Create the below php program.

phptest.php
--------------------------------
<?php
$conn = new PDO("ibm:DSN=test","","");

$x = "quote\"\"''";
print $x;
print "\n";
print db2_escape_string($x);
print "\n";
?>
--------------------------------

2. Add the [test] information to /sqllib/cfg/db2cli.ini.

--------------------------------
[test]
Database=sample
Protocol=tcpip
Hostname=192.168.x.xx
Servicename=5000x
uid=xxxx
--------------------------------

3. Execute the phptest.php

--------------------------------
php phptest.php
quote""''
quote""''''
--------------------------------

Until ibm_db2 version 1.6.3, db2_escape_string used to work as specified in the
documentation. In 1.6.4 version, it has changed the code in db2_escape_string to
escape ' with '' only.

If inserting the o'grady into the esacape it table, to search the same string in the by
declaring $name = "o'grady";
without escaping the ' as '', SELECT will fail to fetch the matching row. To Handle this
scenario db2_escape_string API has been modified in 1.6.4 version.

Unfortunately, there is no documentation about this changing. No work around available
for this matter. Here is "Changelog for ibm_db2" for your information.
https://pecl.php.net/package-changelog.php?package=ibm_db2&release=1.6.4

Note:
This behavior might be changed without notice in the future. We can confirm whether this
technote is valid or not by following this technote. Please contact your Sales Rep to
submit a potential design change towards a future release. Or please open a ticket,
Request For Enhancement at https://www.ibm.com/developerworks/rfe/

[{"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"Programming Interface - Other","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"}],"Version":"9.7;10.1;10.5;11.1","Edition":"Advanced Enterprise Server;Advanced Workgroup Server;Enterprise Server;Workgroup Server","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
16 June 2018

UID

swg21999158

Page Feedback