ID: 44998
Updated by: [EMAIL PROTECTED]
Reported By: djneoform at gmail dot com
-Status: Open
+Status: Feedback
Bug Type: MySQLi related
Operating System: Win2003 Standard
PHP Version: 5.2.6
New Comment:

What MySQL version are you using?

Interesting find. The mysqli_real_escape_string test does play with \0:

if ("foo\\0bar" !== ($tmp = mysqli_real_escape_string($link, "foo" . chr(0) . "bar")))
    printf("[009] Expecting %s, got %s\n", "foo\\0bar", $tmp);

But it does not try to insert/fetch such a string. Of course it works fine with PHP 5.3 and a recent MySQL and on Linux...

Previous Comments:
------------------------------------------------------------------------

[2008-05-15 16:52:47] djneoform at gmail dot com

I'm able to get around this problem by replacing 0x0 chars with 0x1 prior to passing the string to mysqli_real_escape_string(), however this damages the integrity of the binary string.

------------------------------------------------------------------------

[2008-05-14 20:48:21] djneoform at gmail dot com

Description:
------------
When dealing with binary strings that are being escaped and inserted into a mysql table that contains a BINARY(128) field, the data that ends up being inserted is incomplete if the string contains a null character within the string.

Reproduce code:
---------------
/*
--TABLE DEF:

CREATE TABLE `system_users_stored_sessions` (
  `session` binary(128) NOT NULL,
  `name` char(32) NOT NULL,
  `posted_on` datetime NOT NULL,
  `body` varchar(65000) NOT NULL,
  PRIMARY KEY (`session`,`name`),
  KEY `posted_on` (`posted_on`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
*/

$hash_with_null_char = hash('whirlpool', '1210797760.8178', true);

$mysqli->query("
    INSERT INTO
        user_sessions
    SET
        session = '".$mysqli->real_escape_string($hash_with_null_char)."',
        posted_on = NOW(),
        name = '".$mysqli->real_escape_string($name)."',
        body = '".$mysqli->real_escape_string($body)."'
");

Expected result:
----------------
Expecting a row containing the full binary hash.

Actual result:
--------------
Actual result: a binary string that is terminated by the null char in the string, not the actual ending.

I am able to work around this by doing an addslashes() to the string before doing the mysqli_real_escape_string(), however all other chars are double escaped making the resulting string be longer than it wanted (128 binary chars).

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=44998&edit=1
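
Added example, not part of the bug report or of PHP's own code: one way to put a binary value containing 0x00 into a statement without relying on string escaping is to write it as a MySQL hexadecimal literal, which keeps every byte intact, unlike the 0x0-to-0x1 replacement or the addslashes() approach described in the comments. The helper names and the sample bytes are constructed for illustration, and PHP 7 or later is assumed for the type declarations.

```php
<?php
// Added example, not code from the bug report.
// Encodes binary data as a MySQL hexadecimal literal (X'..'), so no byte,
// including 0x00, depends on string escaping.

// Hypothetical helper: returns a SQL literal for arbitrary bytes.
function binary_sql_literal(string $bytes): string
{
    if ($bytes === '') {
        return "''";                      // empty value: plain empty string literal
    }
    return "X'" . bin2hex($bytes) . "'";  // bin2hex() emits only [0-9a-f]
}

// Hypothetical helper: inverse of binary_sql_literal(), used only to
// check that the encoding loses nothing.
function literal_to_bytes(string $literal): string
{
    if ($literal === "''") {
        return '';
    }
    return hex2bin(substr($literal, 2, -1));
}

// Constructed sample: 8 bytes with a NUL in the middle.
$sample = "\xde\xad\xbe\x00\xef\x01\x02\x03";

// What a NUL-terminated reader would keep: everything before the first 0x00.
// This mirrors the truncated value described under "Actual result".
$truncated = strstr($sample, "\0", true);

$literal  = binary_sql_literal($sample);
$fragment = "session = " . $literal;      // fragment for the INSERT ... SET list

printf("original length : %d\n", strlen($sample));
printf("cut at first NUL: %d\n", strlen($truncated));
printf("SQL fragment    : %s\n", $fragment);
printf("round trip ok   : %s\n", literal_to_bytes($literal) === $sample ? 'yes' : 'no');
```

The `name` and `body` values in the report are text and would still need escaping or bound parameters; only the binary column is covered here.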