Use preg_quote() to escape text before inserting into regexp #224

merged 1 commit into from Nov 21, 2012



fruit commented Nov 20, 2012

PHP has a built-in function, preg_quote(), to escape strings which are dynamically inserted into a regular expression.


Thank you for posting this Pull Request. I have automatically opened an issue on our Jira Bug Tracker for you with the details of this Pull Request. See the link:


schmittjoh commented Nov 20, 2012

I think this was done for performance reasons. Could you run the performance tests?

// cc @akkie


fruit commented Nov 21, 2012

This simple test outputs:

Test  1: 2.3414
Test  2: 2.3390
Test  3: 2.3256
Test  4: 2.4525
Test  5: 2.3969
Elapsed (str_replace): 11.8560 (avg: 2.3711)

Test  1: 2.2144
Test  2: 2.0641
Test  3: 2.1135
Test  4: 2.0677
Test  5: 2.0456
Elapsed (preg_quote): 10.5056 (avg: 2.1011)

Conclusion: preg_quote() is just a little faster, and it also escapes other characters that can cause regular expression injection.
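The difference the thread turns on, as an added example that is not code from this pull request or from the project: a hand-rolled `str_replace()` escape that covers only some characters, next to `preg_quote()` with the pattern delimiter passed as its second argument. The function names, the set of characters the partial escape handles, and the sample strings are all assumptions constructed for illustration.

```php
<?php
// Added example; function names and sample strings are constructed.

// Hand-rolled escaping (assumed form): covers only the characters someone thought of.
function partialEscape(string $text): string
{
    return str_replace(['\\', '.'], ['\\\\', '\\.'], $text);
}

// preg_quote() escapes the PCRE metacharacters; passing the delimiter as the
// second argument escapes it too, which preg_quote() does not do by default.
function fullEscape(string $text): string
{
    return preg_quote($text, '/');
}

// Classify the pattern built from $text:
//   invalid   - does not compile (preg_match() returns false)
//   mismatch  - no longer matches the text it was built from
//   overmatch - matches $text but also matches $probe, a different string
//   literal   - matches $text and rejects $probe
function classify(string $text, string $probe, callable $escape): string
{
    $pattern = '/^' . $escape($text) . '$/';
    $self = @preg_match($pattern, $text); // @ hides the compile warning
    if ($self === false) {
        return 'invalid';
    }
    if ($self === 0) {
        return 'mismatch';
    }
    return preg_match($pattern, $probe) === 1 ? 'overmatch' : 'literal';
}

$cases = [ // [text inserted into the pattern, probe that must not match]
    ['Foo\\Bar', 'FooXBar'],
    ['v1.*',     'v1...'],
    ['cat|dog',  'catalog'],
    ['a/b',      'a'],
    ['(admin',   'admin'],
];

foreach ($cases as [$text, $probe]) {
    printf("%-8s str_replace: %-9s preg_quote: %s\n", $text,
        classify($text, $probe, 'partialEscape'),
        classify($text, $probe, 'fullEscape'));
}
```

The delimiter argument matters: `preg_quote($text)` without it leaves `/` unescaped, so the `a/b` case would still fail to compile.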

guilhermeblanco added a commit that referenced this pull request Nov 21, 2012

Merge pull request #224 from fruit/preg_quote
Use preg_quote() to escape text before inserting into regexp

guilhermeblanco merged commit d8c17cd into doctrine:master Nov 21, 2012

1 check passed

default The Travis build passed