ID:               44998
 Updated by:       [EMAIL PROTECTED]
 Reported By:      djneoform at gmail dot com
-Status:           Open
+Status:           Feedback
 Bug Type:         MySQLi related
 Operating System: Win2003 Standard
 PHP Version:      5.2.6
 New Comment:

What MySQL version are you using?

Interesting find. The mysqli_real_escape_string test does play with
\0:

if ("foo\\0bar" !== ($tmp = mysqli_real_escape_string($link, "foo" . chr(0) . "bar")))
        printf("[009] Expecting %s, got %s\n", "foo\\0bar", $tmp);

But it does not try to insert/fetch such a string. Of course it works
fine with PHP 5.3 and a recent MySQL and on Linux... 


Previous Comments:
------------------------------------------------------------------------

[2008-05-15 16:52:47] djneoform at gmail dot com

I'm able to get around this problem by replacing 0x0 chars with 0x1
prior to passing the string to mysqli_real_escape_string(), however this
damages the integrity of the binary string.

------------------------------------------------------------------------

[2008-05-14 20:48:21] djneoform at gmail dot com

Description:
------------
When dealing with binary strings that are being escaped and inserted
into a mysql table that contains a BINARY(128) field, the data that ends
up being inserted is incomplete if the string contains a null character
within the string.

Reproduce code:
---------------
/*
--TABLE DEF:

CREATE TABLE `system_users_stored_sessions` (
  `session` binary(128) NOT NULL,
  `name` char(32) NOT NULL,
  `posted_on` datetime NOT NULL,
  `body` varchar(65000) NOT NULL,
  PRIMARY KEY  (`session`,`name`),
  KEY `posted_on` (`posted_on`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

*/

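// $mysqli is an open mysqli connection; $name and $body are ordinary strings.
// Raw (binary) Whirlpool digest; for this input it contains a 0x00 byte.
$hash_with_null_char = hash('whirlpool', '1210797760.8178', true);

// Table name matches the CREATE TABLE statement above.
$mysqli->query("
        INSERT INTO
                system_users_stored_sessions
        SET
                session = '".$mysqli->real_escape_string($hash_with_null_char)."',
                posted_on = NOW(),
                name = '".$mysqli->real_escape_string($name)."',
                body = '".$mysqli->real_escape_string($body)."'
");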

Expected result:
----------------
Expecting a row containing the full binary hash.

Actual result:
--------------
Actual result: a binary string that is terminated by the null char in
the string, not the actual ending.

I am able to work around this by doing an addslashes() to the string
before doing the mysqli_real_escape_string(), however all other chars
are double escaped, making the resulting string longer than wanted
(128 binary chars).


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=44998&edit=1
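
Added example, not code from the bug report or from the PHP project: a
check that echoes a NUL-containing binary string through the server as an
escaped literal and as a hex literal (X'..'), then compares the lengths that
come back. The function names and the MYSQL_HOST/MYSQL_USER/MYSQL_PASS
environment variables are assumptions made for this example.

```php
<?php
// Added example; function names and env variables are hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Encode arbitrary bytes as a MySQL hexadecimal literal, so the query text
// never contains a raw NUL or any character that needs escaping.
function sql_hex_literal(string $bytes): string
{
    return "X'" . bin2hex($bytes) . "'";
}

// Send the value to the server both ways and report the byte length returned.
// A length below strlen($bytes) means the value was cut short on the way.
function round_trip_lengths(mysqli $link, string $bytes): array
{
    $literals = [
        'escaped' => "'" . $link->real_escape_string($bytes) . "'",
        'hex'     => sql_hex_literal($bytes),
    ];
    $lengths = ['sent' => strlen($bytes)];
    foreach ($literals as $label => $literal) {
        $row = $link->query("SELECT $literal AS v")->fetch_row();
        $lengths[$label] = strlen($row[0]);
    }
    return $lengths;
}

// Constructed sample: the raw Whirlpool digest of the report's input, with a
// NUL forced into the middle so the case is always exercised.
$hash = hash('whirlpool', '1210797760.8178', true);
$hash[10] = "\0";

// Offline checks: the literal holds no raw NUL and decodes to the same bytes.
$literal = sql_hex_literal($hash);
var_dump(strpos($literal, "\0") === false);
var_dump(hex2bin(substr($literal, 2, -1)) === $hash);

// Live check, run only when connection settings are supplied (assumed names).
if (getenv('MYSQL_HOST') !== false) {
    $link = new mysqli(getenv('MYSQL_HOST'), getenv('MYSQL_USER'), getenv('MYSQL_PASS'));
    print_r(round_trip_lengths($link, $hash));
}
```

The SELECT needs no table, so it separates what happens to the literal in
transit from what the BINARY(128) column does with it on storage.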
