Edit report at https://bugs.php.net/bug.php?id=44433&edit=1
ID: 44433 Comment by: metala at metala dot org Reported by: hans at velum dot net Summary: Text with null characters (\0) truncated when bound to prepared statement Status: No Feedback Type: Bug Package: PDO related Operating System: Gentoo Linux PHP Version: 5.2.5 Block user comment: N Private report: N New Comment: I have experienced the same issue with PHP 5.4.4-7 using Debian wheezy/sid. Actually It made me drop the idea to store objects in database and I used the conventional way to solve the problem. So it was frustrating.... Previous Comments: ------------------------------------------------------------------------ [2009-05-03 01:00:11] php-bugs at lists dot php dot net No feedback was provided for this bug for over a week, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open". ------------------------------------------------------------------------ [2009-04-25 14:56:32] j...@php.net Please try using this CVS snapshot: http://snaps.php.net/php5.2-latest.tar.gz For Windows: http://windows.php.net/snapshots/ ------------------------------------------------------------------------ [2009-03-09 23:21:21] bmauser at gmail dot com I noticed the same problem on windows (vista) and same php version 5.2.5. The serialized string I tried to store in the database was: O:8:"Psa_User":3:{s:9:" * groups";a:0:{}s:13:" * last_login";i:0;s:10:"test_value";i:391;} and when I put output from serialize() in hex editor you can see some null characters: 00000000h: 4F 3A 38 3A 22 50 73 61 5F 55 73 65 72 22 3A 33 ; O:8:"Psa_User":3 00000010h: 3A 7B 73 3A 39 3A 22 00 2A 00 67 72 6F 75 70 73 ; :{s:9:".*.groups 00000020h: 22 3B 61 3A 30 3A 7B 7D 73 3A 31 33 3A 22 00 2A ; ";a:0:{}s:13:".* 00000030h: 00 6C 61 73 74 5F 6C 6F 67 69 6E 22 3B 69 3A 30 ; .last_login";i:0 00000040h: 3B 73 3A 31 30 3A 22 74 65 73 74 5F 76 61 6C 75 ; ;s:10:"test_valu 00000050h: 65 22 3B 69 3A 33 39 31 3B 7D ; e";i:391;} The value in query that should update the database is truncated to the first null character in string. That is true for prepared statements with PDO->prepare() and also for only escaped values with PDO->quote(). When using the same code with mysql_pdo driver queries are not truncated and the null characters are stored in the database blob object. I used base64_encode and decode functions to workaround this and stored base64 encoded string in the database. ------------------------------------------------------------------------ [2008-03-13 18:30:19] hans at velum dot net Description: ------------ I'm using PostgreSQL (8.2.x) and am having a problem inserting serialized data containing null characters (\0) into the database. I am using prepared statements and the bindValue() method to bind the serialized data as a PDO::PARAM_STR. It's not obvious from the output below, but these serialized strings contain null values because of the private variables. I can't seem to find an existing bug for this; however, it surprises me that no one has reported this before. Reproduce code: --------------- $pdo = new PDO('pgsql: dbname=testdb user=postgres'); $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); try { $pdo->exec('DROP TABLE testtbl'); } catch (PDOException $x) { /* ignore */ } $pdo->exec('CREATE TABLE testtbl (id integer not null, txtcol text)'); class MyClass { private $var1; function __construct($val) { $this->var1 = $val; } } $serialized = serialize(array('foo' => new MyClass('bar'), 'baz' => new MyClass('bingo!'))); print "Serialized data: " . $serialized . PHP_EOL; $stmt = $pdo->prepare('INSERT INTO testtbl (id, txtcol) VALUES (1, ?)'); $stmt->bindValue(1, $serialized, PDO::PARAM_STR); $stmt->execute(); $stmt = $pdo->query('SELECT * FROM testtbl WHERE id = 1'); $row = $stmt->fetch(); print "From database: " . $row['txtcol'] . PHP_EOL; Expected result: ---------------- Serialized data: a:2:{s:3:"foo";O:7:"MyClass":1:{s:13:"MyClassvar1";s:3:"bar";}s:3:"baz";O:7:"MyClass":1:{s:13:"MyClassvar1";s:6:"bingo!";}} >From database: >a:2:{s:3:"foo";O:7:"MyClass":1:{s:13:"MyClassvar1";s:3:"bar";}s:3:"baz";O:7:"MyClass":1:{s:13:"MyClassvar1";s:6:"bingo!";}} Actual result: -------------- Serialized data: a:2:{s:3:"foo";O:7:"MyClass":1:{s:13:"MyClassvar1";s:3:"bar";}s:3:"baz";O:7:"MyClass":1:{s:13:"MyClassvar1";s:6:"bingo!";}} >From database: a:2:{s:3:"foo";O:7:"MyClass":1:{s:13:" ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=44433&edit=1