From: [EMAIL PROTECTED]
Operating system: OpenBSD
PHP version: 4.1.2
PHP Bug Type: MySQL related
Bug description: mysql_query() function throws away entire variable if it contains
"\0"
actually running PHP 4.1.2-audit
_
configure command:
�'./configure' '--without-db' '--with-apache=./apache'
'--with-mysql=/usr/local' '--with-mcrypt=/usr/local'
'--with-zlib=/usr' '--with-db3=/usr/local'
'--disable-debug'
_
I was doing something unnecessary with preg_replace to a
variable --
$var = preg_replace("[\(|\)]","\0",$var);
-- before using it in an INSERT query, like so:
$SQL = "INSERT into theTable (theField) VALUES
('".$var."')";
mysql_query($SQL,$conn);
and all I got was a blank entry for the field insert.
Basically, the preg was stripping out "()" parenthesis and
leaving me with the string inside the parenthesis. the
mysql_query must have seen the "\0" null terminator and
thrown away the entire string. When I changed the preg
function to:
$var = preg_replace("[\(|\)]","",$var);
everything worked the way it was supposed to.
I know there was no good reason for me to replace with a
null terminator but maybe this is a bug? when I printed
the variable out to debug I could see the string, minus the
parenthesis, as I intended. this is what left me confused
for quite some time. maybe this isn't a bug but it's
definitely only happening in the mysql_query function, not
PHP, so I thought I should report it.
--
Edit bug report at http://bugs.php.net/?id=16415&edit=1
--
Fixed in CVS: http://bugs.php.net/fix.php?id=16415&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=16415&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=16415&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=16415&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=16415&r=support
Expected behavior: http://bugs.php.net/fix.php?id=16415&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=16415&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=16415&r=submittedtwice
