Edit report at https://bugs.php.net/bug.php?id=63344&edit=1
ID: 63344 Updated by: yohg...@php.net Reported by: peter dot kehl at gmail dot com Summary: pg_query_params() doesn't pass parts of strings past zero byte character Status: Assigned -Type: Bug +Type: Feature/Change Request Package: PostgreSQL related Operating System: CentOS 6.2; possibly irrelevant PHP Version: 5.4.8 Assigned To: yohgaki Block user comment: N Private report: N New Comment: This requires API change. Change bug type. Previous Comments: ------------------------------------------------------------------------ [2013-04-16 19:32:18] yohg...@php.net I realized this issue years ago. We need to add correct length parameter for string. The reason why I didn't fix this is there might be users using pg_escate_bytea() for prepared queries. I can simply fix, but there is slight BC issue. ------------------------------------------------------------------------ [2012-10-25 01:00:30] peter dot kehl at gmail dot com OK, pg_query_params() works as defined by Postgres. Thank you. However, I suggest a change of Example #1 at http://www.php.net/serialize. That example saves a result of serialize() to an ODBC database. I have no way of testing whether that works with strings containing zero byte(s). Anyway, that example may lead people to save a result of serialize() using Postgres (or MSSQL mssql_query()), which fail. Please change that example to use base64_encode() and base64_decode(), and add a note that serialize() generates a string which may contain zero byte(s). ------------------------------------------------------------------------ [2012-10-24 06:35:04] larue...@php.net The following patch has been added/updated: Patch Name: bug63344.patch Revision: 1351060504 URL: https://bugs.php.net/patch-display.php?bug=63344&patch=bug63344.patch&revision=1351060504 ------------------------------------------------------------------------ [2012-10-24 06:34:33] larue...@php.net according to http://www.postgresql.org/docs/8.0/static/libpq-exec.html the current PHP's wrapper of PQexecParams doesn't support binary data. a simple fix is attached ------------------------------------------------------------------------ [2012-10-24 04:39:53] peter dot kehl at gmail dot com Description: ------------ This may not be a code problem, but a documentation problem. At the top, this is similar to https://bugs.php.net/bug.php?id=45491&edit=2, but not the same. If the current behaviour is intended, then it should be documented at www.php.net/pg_query_params - because current documentation doesn't mention that it doesn't support zero bytes. Summary If I call pg_query_params( $connection, $sql_query_with_dollar_placeholders, $params ) with all three parameters, and $params is an array with at least 1 value which is a string, which contains 1 or more zero bye characters (in PHP it's chr(0) or "\0"), then that zero byte character(s) and anything right from it (in the same string) won't be passed to Postgres server. I've checked Postgres server logs, and the values come truncated just before the first zero byte character. That is probably due to Postgres using/treating strings like C language does, ended with a zero byte character. However, in PHP a string can contain one or multiple zero byte characters. This happens when e.g. using output of PHP's function serialize(). Side note I'm curious whether there is any way to set a Postgres varchar/text column to contain one or more zero byte characters. Following fails in pgAdmin (which uses UTF-8): INSERT INTO null_character_test(value) VALUES( E'First\0Second'); Environment: ---------- PHP server: CentOS 6.3 Linux localhost.localdomain 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux Compiled PHP 5.4.8 ./configure --prefix=/usr/local/php --with-pgsql --with-apxs2=/usr/sbin/apxs --enable-mbstring /usr/local/php/bin/php -v PHP 5.4.8 (cli) (built: Oct 24 2012 14:49:11) Copyright (c) 1997-2012 The PHP Group Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies ---- Postgres server (and also a PHP server, where the same problem applies) CentOS 6.2 Linux pkehlcentos.racpnet.localhost.local 2.6.32-220.el6.x86_64 #1 SMP Tue Dec 6 19:48:22 GMT 2011 x86_64 x86_64 x86_64 GNU/Linux PostgreSQL 8.4.11 on x86_64-redhat-linux-gnu, compiled by GCC gcc (GCC) 4.4.6 20110731 (Red Hat 4.4.6-3), 64-bit. /usr/local/php/bin/php -v PHP 5.4.4 (cli) (built: Aug 15 2012 14:07:53) Copyright (c) 1997-2012 The PHP Group Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies with Xdebug v2.2.1, Copyright (c) 2002-2012, by Derick Rethans Test script: --------------- CREATE TABLE null_character_test( value varchar(255) ); <?php $params= array( "Only the first part (this one) gets saved to DB.\0Anything after a null character (this) gets removed." ); // PHP's strlen() counts characters past the null character. echo "Number of characters in the problem string, as reported by PHP's strlen(): " .strlen( $params[0]); $con= pg_connect( "host='10.10.6.62' port='5432' dbname='moodlepkehlcentos22' user='moodlepkehlcentos22' password='pkehlcentos22moodle'", PGSQL_CONNECT_FORCE_NEW ); $sql= 'INSERT INTO null_character_test(value) VALUES($1)'; pg_query_params( $con, $sql, $params ); Expected result: ---------------- SELECT * FROM null_character_test WHERE value LIKE 'Only the first part (this one) gets saved to DB.%Anything after a null character (this) gets removed.' --> that should match 1 row Actual result: -------------- SELECT * FROM null_character_test WHERE value='Only the first part (this one) gets saved to DB.' --> that matches 1 row ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=63344&edit=1