From: djneoform at gmail dot com
Operating system: Win2003 Standard
PHP version: 5.2.6
PHP Bug Type: MySQLi related
Bug description: mysqli_real_escape_string not properly escaping null
characters
Description:
------------
When dealing with binary strings that are being escaped and inserted into
a mysql table that contains a BINARY(128) field, the data that ends up
being inserted is incomplete if the string contains a null character within
the string.
Reproduce code:
---------------
/*
--TABLE DEF:
CREATE TABLE `system_users_stored_sessions` (
`session` binary(128) NOT NULL,
`name` char(32) NOT NULL,
`posted_on` datetime NOT NULL,
`body` varchar(65000) NOT NULL,
PRIMARY KEY (`session`,`name`),
KEY `posted_on` (`posted_on`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
*/
$hash_with_null_char = hash('whirlpool', '1210797760.8178', true);
$mysqli->query("
INSERT INTO
user_sessions
SET
session =
'".$mysqli->real_escape_string($hash_with_null_char)."',
posted_on = NOW(),
name = '".$mysqli->real_escape_string($name)."',
body = '".$mysqli->real_escape_string($body)."'
");
Expected result:
----------------
Expecting a row containing the full binary hash.
Actual result:
--------------
Actual result: a binary string that is terminated by the null char in the
string, not the actual ending.
I am able to work around this by doing a addslashes() to the string before
doing the mysqli_real_escape_string(), however all other chars are double
escaped making the resulting string be longer than it wanted (128 binary
chars).
--
Edit bug report at http://bugs.php.net/?id=44998&edit=1
--
Try a CVS snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=44998&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=44998&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=44998&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=44998&r=fixedcvs
Fixed in release:
http://bugs.php.net/fix.php?id=44998&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=44998&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=44998&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=44998&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=44998&r=support
Expected behavior: http://bugs.php.net/fix.php?id=44998&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=44998&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=44998&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=44998&r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=44998&r=php4
Daylight Savings: http://bugs.php.net/fix.php?id=44998&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=44998&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=44998&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=44998&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=44998&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=44998&r=mysqlcfg
