From 02e5b41464cc0f918db710c60b3490f09d4b976c Mon Sep 17 00:00:00 2001
From: alhudz <al.hudz.k@gmail.com>
Date: Tue, 2 Jun 2026 00:42:34 +0530
Subject: [PATCH] escape backslashes in python and php output filters

---
 sqlparse/filters/output.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/sqlparse/filters/output.py b/sqlparse/filters/output.py
index 235db540..c0b5cc73 100644
--- a/sqlparse/filters/output.py
+++ b/sqlparse/filters/output.py
@@ -62,9 +62,9 @@ def _process(self, stream, varname, has_nl):
                     yield sql.Token(T.Whitespace, after_lb)
                 continue
 
-            # Token has escape chars
-            elif "'" in token.value:
-                token.value = token.value.replace("'", "\\'")
+            # Token has chars that need escaping in a single-quoted string
+            elif "'" in token.value or "\\" in token.value:
+                token.value = token.value.replace("\\", "\\\\").replace("'", "\\'")
 
             # Put the token
             yield sql.Token(T.Text, token.value)
@@ -111,9 +111,9 @@ def _process(self, stream, varname, has_nl):
                     yield sql.Token(T.Whitespace, after_lb)
                 continue
 
-            # Token has escape chars
-            elif '"' in token.value:
-                token.value = token.value.replace('"', '\\"')
+            # Token has chars that need escaping in a double-quoted string
+            elif '"' in token.value or "\\" in token.value:
+                token.value = token.value.replace("\\", "\\\\").replace('"', '\\"')
 
             # Put the token
             yield sql.Token(T.Text, token.value)