From: djneoform at gmail dot com Operating system: Win2003 Standard PHP version: 5.2.6 PHP Bug Type: MySQLi related Bug description: mysqli_real_escape_string not properly escaping null characters
Description: ------------ When dealing with binary strings that are being escaped and inserted into a mysql table that contains a BINARY(128) field, the data that ends up being inserted is incomplete if the string contains a null character within the string. Reproduce code: --------------- /* --TABLE DEF: CREATE TABLE `system_users_stored_sessions` ( `session` binary(128) NOT NULL, `name` char(32) NOT NULL, `posted_on` datetime NOT NULL, `body` varchar(65000) NOT NULL, PRIMARY KEY (`session`,`name`), KEY `posted_on` (`posted_on`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1; */ $hash_with_null_char = hash('whirlpool', '1210797760.8178', true); $mysqli->query(" INSERT INTO user_sessions SET session = '".$mysqli->real_escape_string($hash_with_null_char)."', posted_on = NOW(), name = '".$mysqli->real_escape_string($name)."', body = '".$mysqli->real_escape_string($body)."' "); Expected result: ---------------- Expecting a row containing the full binary hash. Actual result: -------------- Actual result: a binary string that is terminated by the null char in the string, not the actual ending. I am able to work around this by doing a addslashes() to the string before doing the mysqli_real_escape_string(), however all other chars are double escaped making the resulting string be longer than it wanted (128 binary chars). -- Edit bug report at http://bugs.php.net/?id=44998&edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=44998&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=44998&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=44998&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=44998&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=44998&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=44998&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=44998&r=needscript Try newer version: http://bugs.php.net/fix.php?id=44998&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=44998&r=support Expected behavior: http://bugs.php.net/fix.php?id=44998&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=44998&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=44998&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=44998&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=44998&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=44998&r=dst IIS Stability: http://bugs.php.net/fix.php?id=44998&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=44998&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=44998&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=44998&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=44998&r=mysqlcfg