[PHP-BUG] Bug #35368 [Com]: PDO query does not work properly with serialize

Edit report at http://bugs.php.net/bug.php?id=35368&edit=1

 ID:   35368
 Comment by:   
 Reported by:  lists at cyberlot dot net
 Summary:  PDO query does not work properly with serialize
 Status:   Suspended
 Type: Bug
 Package:  PDO related
 Operating System: *
 PHP Version:  6CVS, 5CVS
 Assigned To:  wez

 New Comment:

Excuse me. There is nothing more dreadful than imagination without
taste. Help me! I find sites on the topic: Cost of tamiflu without
insurance. I found only this - http://www.prolocotorrealfina.it/Members/Tamiflu/continuous-coughing-after-tamiflu-swine-flu";>continuous
coughing after tamiflu swine flu. Tamiflu, tamiflu infects the
number oil trying your genes and symptoms the type of recommended
changes of the century. Tamiflu, unless there is non-event close to
express a ability on, there spikes no oseltamivir in eating on the fish.
With love ;-), Asa from Togo.


Previous Comments:

[2010-01-07 06:51:19] uggabc at yahoo dot cn

It was my pleasure to visit your Website. I am also very Website you 



enjoy the article.And I also have  http://www.emu-boots.net/ emu boots 
he feeling that it was really a pity that we didn



¡¯ 



t meet each other earlier. Because the kindness and warmth in your 



Website can make me completely relaxed and happy. I hope that you 



will visit my  blog too 



to see if you can have the same feeling.


[2010-01-07 06:50:39] uggabc at yahoo dot cn

It was my pleasure to visit your Website. I am also very Website you 



enjoy the article.And I also have [url=http://www.emu-boots.net/]emu
boots[/url]  he feeling that it was really a 



pity that we didn¡¯ 



t meet each other earlier. Because the kindness and warmth in your 



Website can make me completely relaxed and happy. I hope that you 



will visit my  blog too


[2010-01-07 06:48:39] uggabc at yahoo dot cn

It was my pleasure to visit your Website. I am also very Website you 



enjoy the article.And I also have http://www.emu-boots.net/";>emu boots  he feeling that it was 



really a pity that we didn¡¯ 



t meet each other earlier. Because the kindness and warmth in your 



Website can make me completely relaxed and happy. I hope that you 



will visit my  blog too


[2005-11-27 22:11:06] w...@php.net

We managed to reproduce the problem; it's a problem with the query
rewriter when it maps :name to ?.  If the string is embedded in the SQL
using single quotes, but has double quotes backslashed, the string it
too tricky for the parser to follow, and it ends up transforming parts
of the serialized string that it shouldn't.



There are three possible workarounds for this issue, in order of
preference:

- Don't embed serialized data into the query string; use bound
parameters (that's what they're there for).  In future versions of PDO,
prepared statements may be cacheable in persistent connections, leading
to a performance gain.

- Use PDO::quote() to correctly quote the string

- Use PDO::exec() to fire off this UPDATE/INSERT statement; it uses an
alternate API that doesn't need to handle parameters.




[2005-11-25 16:40:35] tony2...@php.net

This is fixed in CVS, get a fresh snapshot and try again.




The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

http://bugs.php.net/bug.php?id=35368


-- 
Edit this bug report at http://bugs.php.net/bug.php?id=35368&edit=1

#35368 [Com]: PDO query does not work properly with serialize

[uggabc at yahoo dot cn]

 ID:   35368
 Comment by:   uggabc at yahoo dot cn
 Reported By:  lists at cyberlot dot net
 Status:   Suspended
 Bug Type: PDO related
 Operating System: *
 PHP Version:  6CVS, 5CVS
 Assigned To:  wez
 New Comment:

It was my pleasure to visit your Website. I am also very Website you 

enjoy the article.And I also have  http://www.emu-boots.net/ emu boots 
he feeling that it was really a pity that we didn

¡¯ 

t meet each other earlier. Because the kindness and warmth in your 

Website can make me completely relaxed and happy. I hope that you 

will visit my  blog too 

to see if you can have the same feeling.


Previous Comments:


[2010-01-07 06:50:39] uggabc at yahoo dot cn

It was my pleasure to visit your Website. I am also very Website you 

enjoy the article.And I also have [url=http://www.emu-boots.net/]emu
boots[/url]  he feeling that it was really a 

pity that we didn¡¯ 

t meet each other earlier. Because the kindness and warmth in your 

Website can make me completely relaxed and happy. I hope that you 

will visit my  blog too



[2010-01-07 06:48:39] uggabc at yahoo dot cn

It was my pleasure to visit your Website. I am also very Website you 

enjoy the article.And I also have http://www.emu-boots.net/";>emu boots  he feeling that it was 

really a pity that we didn¡¯ 

t meet each other earlier. Because the kindness and warmth in your 

Website can make me completely relaxed and happy. I hope that you 

will visit my  blog too



[2005-11-27 22:11:06] w...@php.net

We managed to reproduce the problem; it's a problem with the query
rewriter when it maps :name to ?.  If the string is embedded in the SQL
using single quotes, but has double quotes backslashed, the string it
too tricky for the parser to follow, and it ends up transforming parts
of the serialized string that it shouldn't.

There are three possible workarounds for this issue, in order of
preference:
- Don't embed serialized data into the query string; use bound
parameters (that's what they're there for).  In future versions of PDO,
prepared statements may be cacheable in persistent connections, leading
to a performance gain.
- Use PDO::quote() to correctly quote the string
- Use PDO::exec() to fire off this UPDATE/INSERT statement; it uses an
alternate API that doesn't need to handle parameters.




[2005-11-25 16:40:35] tony2...@php.net

This is fixed in CVS, get a fresh snapshot and try again.



[2005-11-25 16:32:07] lists at cyberlot dot net

To try and narrow this down and be able to play with the code more I
recompiled PHP 5.1 without pdo support then compiled seperate modules
however I could not get pdo_mysql to compile.
I phpized ./configure and make and get the following error

checking for MySQL support for PDO... yes, shared
checking for mysql_config... /usr/bin/mysql_config
checking for mysql_query... no
configure: error: mysql_query missing!?

Might be related? So I forced a install of pdo_mysql RC2

The bug goes away, Same exact script but everything is working...

So its either a diffrence between pdo_mysql RC2 or some wierd issue
with shared vs compiled in.

I hope that helps somehow?



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/35368

-- 
Edit this bug report at http://bugs.php.net/?id=35368&edit=1

#35368 [Com]: PDO query does not work properly with serialize

[uggabc at yahoo dot cn]

 ID:   35368
 Comment by:   uggabc at yahoo dot cn
 Reported By:  lists at cyberlot dot net
 Status:   Suspended
 Bug Type: PDO related
 Operating System: *
 PHP Version:  6CVS, 5CVS
 Assigned To:  wez
 New Comment:

It was my pleasure to visit your Website. I am also very Website you 

enjoy the article.And I also have [url=http://www.emu-boots.net/]emu
boots[/url]  he feeling that it was really a 

pity that we didn¡¯ 

t meet each other earlier. Because the kindness and warmth in your 

Website can make me completely relaxed and happy. I hope that you 

will visit my  blog too


Previous Comments:


[2010-01-07 06:48:39] uggabc at yahoo dot cn

It was my pleasure to visit your Website. I am also very Website you 

enjoy the article.And I also have http://www.emu-boots.net/";>emu boots  he feeling that it was 

really a pity that we didn¡¯ 

t meet each other earlier. Because the kindness and warmth in your 

Website can make me completely relaxed and happy. I hope that you 

will visit my  blog too



[2005-11-27 22:11:06] w...@php.net

We managed to reproduce the problem; it's a problem with the query
rewriter when it maps :name to ?.  If the string is embedded in the SQL
using single quotes, but has double quotes backslashed, the string it
too tricky for the parser to follow, and it ends up transforming parts
of the serialized string that it shouldn't.

There are three possible workarounds for this issue, in order of
preference:
- Don't embed serialized data into the query string; use bound
parameters (that's what they're there for).  In future versions of PDO,
prepared statements may be cacheable in persistent connections, leading
to a performance gain.
- Use PDO::quote() to correctly quote the string
- Use PDO::exec() to fire off this UPDATE/INSERT statement; it uses an
alternate API that doesn't need to handle parameters.




[2005-11-25 16:40:35] tony2...@php.net

This is fixed in CVS, get a fresh snapshot and try again.



[2005-11-25 16:32:07] lists at cyberlot dot net

To try and narrow this down and be able to play with the code more I
recompiled PHP 5.1 without pdo support then compiled seperate modules
however I could not get pdo_mysql to compile.
I phpized ./configure and make and get the following error

checking for MySQL support for PDO... yes, shared
checking for mysql_config... /usr/bin/mysql_config
checking for mysql_query... no
configure: error: mysql_query missing!?

Might be related? So I forced a install of pdo_mysql RC2

The bug goes away, Same exact script but everything is working...

So its either a diffrence between pdo_mysql RC2 or some wierd issue
with shared vs compiled in.

I hope that helps somehow?



[2005-11-25 15:14:33] lists at cyberlot dot net

What OS are you testing on? All I have are Centos/Redhat based boxes to
test on.

Also if this helps I always download directly from MySQL I never use
the DIST included rpms.



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/35368

-- 
Edit this bug report at http://bugs.php.net/?id=35368&edit=1

#35368 [Com]: PDO query does not work properly with serialize

[uggabc at yahoo dot cn]

 ID:   35368
 Comment by:   uggabc at yahoo dot cn
 Reported By:  lists at cyberlot dot net
 Status:   Suspended
 Bug Type: PDO related
 Operating System: *
 PHP Version:  6CVS, 5CVS
 Assigned To:  wez
 New Comment:

It was my pleasure to visit your Website. I am also very Website you 

enjoy the article.And I also have http://www.emu-boots.net/";>emu boots  he feeling that it was 

really a pity that we didn¡¯ 

t meet each other earlier. Because the kindness and warmth in your 

Website can make me completely relaxed and happy. I hope that you 

will visit my  blog too


Previous Comments:


[2005-11-27 22:11:06] w...@php.net

We managed to reproduce the problem; it's a problem with the query
rewriter when it maps :name to ?.  If the string is embedded in the SQL
using single quotes, but has double quotes backslashed, the string it
too tricky for the parser to follow, and it ends up transforming parts
of the serialized string that it shouldn't.

There are three possible workarounds for this issue, in order of
preference:
- Don't embed serialized data into the query string; use bound
parameters (that's what they're there for).  In future versions of PDO,
prepared statements may be cacheable in persistent connections, leading
to a performance gain.
- Use PDO::quote() to correctly quote the string
- Use PDO::exec() to fire off this UPDATE/INSERT statement; it uses an
alternate API that doesn't need to handle parameters.




[2005-11-25 16:40:35] tony2...@php.net

This is fixed in CVS, get a fresh snapshot and try again.



[2005-11-25 16:32:07] lists at cyberlot dot net

To try and narrow this down and be able to play with the code more I
recompiled PHP 5.1 without pdo support then compiled seperate modules
however I could not get pdo_mysql to compile.
I phpized ./configure and make and get the following error

checking for MySQL support for PDO... yes, shared
checking for mysql_config... /usr/bin/mysql_config
checking for mysql_query... no
configure: error: mysql_query missing!?

Might be related? So I forced a install of pdo_mysql RC2

The bug goes away, Same exact script but everything is working...

So its either a diffrence between pdo_mysql RC2 or some wierd issue
with shared vs compiled in.

I hope that helps somehow?



[2005-11-25 15:14:33] lists at cyberlot dot net

What OS are you testing on? All I have are Centos/Redhat based boxes to
test on.

Also if this helps I always download directly from MySQL I never use
the DIST included rpms.



[2005-11-25 15:11:22] lists at cyberlot dot net

Run this on another box, MySQL 4.1.12 and php 5.1.0RC4 same results



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/35368

-- 
Edit this bug report at http://bugs.php.net/?id=35368&edit=1

#35368 [Com]: PDO query does not work properly with serialize

[uggabc at yahoo dot cn]

 ID:   35368
 Comment by:   uggabc at yahoo dot cn
 Reported By:  lists at cyberlot dot net
 Status:   Suspended
 Bug Type: PDO related
 Operating System: *
 PHP Version:  6CVS, 5CVS
 Assigned To:  wez
 New Comment:

It is a wonderful article,I like it!Welcome to read following news:
 http://www.uggbootsstore.net/


Previous Comments:


[2009-12-24 01:04:09] uggabc at yahoo dot cn 

It is a wonderful article,I like it!Welcome to read following news:
 http://www.uggbootsstore.net/



[2009-12-24 01:03:10] uggabc at yahoo dot cn 

It is a wonderful article,I like it!Welcome to read following news:
 http://www.uggbootsstore.net/



[2009-12-24 01:02:10] uggabc at yahoo dot cn 

It is a wonderful article,I like it!Welcome to read following news:
 http://www.uggbootsstore.net/";>uggs outlet



[2009-10-31 01:24:28] ET at 126 dot COM

http://www.baidu.com";>baidu
[url=www.google.com]google[/url]
[url=http://www.sina.com]sina[/url]
[url="http://www.baidu.com"]baidu[/url]
[link=http://www.yahoo.com]yahoo[/link]



[2009-10-24 00:53:35] linlixiang123 at 126 dot com

As there are number of ways by which http://www.jordanshoes100.com";>jordan shoes  your hair, but
you will find using hair straightener easy. http://www.jordanshoes100.com";>air jordan shoes   Today
something that no person will be without is his or her http://www.jordanshoes100.com";>cheap jordan shoes .Since hair
straightener has become an essential part of so it is wise to check that
they are in good condition and do not need replacing if you have had
your.



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/35368

-- 
Edit this bug report at http://bugs.php.net/?id=35368&edit=1

#35368 [Com]: PDO query does not work properly with serialize

[uggabc at yahoo dot cn]

 ID:   35368
 Comment by:   uggabc at yahoo dot cn
 Reported By:  lists at cyberlot dot net
 Status:   Suspended
 Bug Type: PDO related
 Operating System: *
 PHP Version:  6CVS, 5CVS
 Assigned To:  wez
 New Comment:

It is a wonderful article,I like it!Welcome to read following news:
 http://www.uggbootsstore.net/


Previous Comments:


[2009-12-24 01:03:10] uggabc at yahoo dot cn 

It is a wonderful article,I like it!Welcome to read following news:
 http://www.uggbootsstore.net/



[2009-12-24 01:02:10] uggabc at yahoo dot cn 

It is a wonderful article,I like it!Welcome to read following news:
 http://www.uggbootsstore.net/";>uggs outlet



[2009-10-31 01:24:28] ET at 126 dot COM

http://www.baidu.com";>baidu
[url=www.google.com]google[/url]
[url=http://www.sina.com]sina[/url]
[url="http://www.baidu.com"]baidu[/url]
[link=http://www.yahoo.com]yahoo[/link]



[2009-10-24 00:53:35] linlixiang123 at 126 dot com

As there are number of ways by which http://www.jordanshoes100.com";>jordan shoes  your hair, but
you will find using hair straightener easy. http://www.jordanshoes100.com";>air jordan shoes   Today
something that no person will be without is his or her http://www.jordanshoes100.com";>cheap jordan shoes .Since hair
straightener has become an essential part of so it is wise to check that
they are in good condition and do not need replacing if you have had
your.



[2005-11-27 22:11:06] w...@php.net

We managed to reproduce the problem; it's a problem with the query
rewriter when it maps :name to ?.  If the string is embedded in the SQL
using single quotes, but has double quotes backslashed, the string it
too tricky for the parser to follow, and it ends up transforming parts
of the serialized string that it shouldn't.

There are three possible workarounds for this issue, in order of
preference:
- Don't embed serialized data into the query string; use bound
parameters (that's what they're there for).  In future versions of PDO,
prepared statements may be cacheable in persistent connections, leading
to a performance gain.
- Use PDO::quote() to correctly quote the string
- Use PDO::exec() to fire off this UPDATE/INSERT statement; it uses an
alternate API that doesn't need to handle parameters.




The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/35368

-- 
Edit this bug report at http://bugs.php.net/?id=35368&edit=1

#35368 [Com]: PDO query does not work properly with serialize

[uggabc at yahoo dot cn]

 ID:   35368
 Comment by:   uggabc at yahoo dot cn
 Reported By:  lists at cyberlot dot net
 Status:   Suspended
 Bug Type: PDO related
 Operating System: *
 PHP Version:  6CVS, 5CVS
 Assigned To:  wez
 New Comment:

It is a wonderful article,I like it!Welcome to read following news:
 http://www.uggbootsstore.net/


Previous Comments:


[2009-12-24 01:02:10] uggabc at yahoo dot cn 

It is a wonderful article,I like it!Welcome to read following news:
 http://www.uggbootsstore.net/";>uggs outlet



[2009-10-31 01:24:28] ET at 126 dot COM

http://www.baidu.com";>baidu
[url=www.google.com]google[/url]
[url=http://www.sina.com]sina[/url]
[url="http://www.baidu.com"]baidu[/url]
[link=http://www.yahoo.com]yahoo[/link]



[2009-10-24 00:53:35] linlixiang123 at 126 dot com

As there are number of ways by which http://www.jordanshoes100.com";>jordan shoes  your hair, but
you will find using hair straightener easy. http://www.jordanshoes100.com";>air jordan shoes   Today
something that no person will be without is his or her http://www.jordanshoes100.com";>cheap jordan shoes .Since hair
straightener has become an essential part of so it is wise to check that
they are in good condition and do not need replacing if you have had
your.



[2005-11-27 22:11:06] w...@php.net

We managed to reproduce the problem; it's a problem with the query
rewriter when it maps :name to ?.  If the string is embedded in the SQL
using single quotes, but has double quotes backslashed, the string it
too tricky for the parser to follow, and it ends up transforming parts
of the serialized string that it shouldn't.

There are three possible workarounds for this issue, in order of
preference:
- Don't embed serialized data into the query string; use bound
parameters (that's what they're there for).  In future versions of PDO,
prepared statements may be cacheable in persistent connections, leading
to a performance gain.
- Use PDO::quote() to correctly quote the string
- Use PDO::exec() to fire off this UPDATE/INSERT statement; it uses an
alternate API that doesn't need to handle parameters.




[2005-11-25 16:40:35] tony2...@php.net

This is fixed in CVS, get a fresh snapshot and try again.



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/35368

-- 
Edit this bug report at http://bugs.php.net/?id=35368&edit=1

#35368 [Com]: PDO query does not work properly with serialize

[uggabc at yahoo dot cn]

 ID:   35368
 Comment by:   uggabc at yahoo dot cn
 Reported By:  lists at cyberlot dot net
 Status:   Suspended
 Bug Type: PDO related
 Operating System: *
 PHP Version:  6CVS, 5CVS
 Assigned To:  wez
 New Comment:

It is a wonderful article,I like it!Welcome to read following news:
 http://www.uggbootsstore.net/";>uggs outlet


Previous Comments:


[2009-10-31 01:24:28] ET at 126 dot COM

http://www.baidu.com";>baidu
[url=www.google.com]google[/url]
[url=http://www.sina.com]sina[/url]
[url="http://www.baidu.com"]baidu[/url]
[link=http://www.yahoo.com]yahoo[/link]



[2009-10-24 00:53:35] linlixiang123 at 126 dot com

As there are number of ways by which http://www.jordanshoes100.com";>jordan shoes  your hair, but
you will find using hair straightener easy. http://www.jordanshoes100.com";>air jordan shoes   Today
something that no person will be without is his or her http://www.jordanshoes100.com";>cheap jordan shoes .Since hair
straightener has become an essential part of so it is wise to check that
they are in good condition and do not need replacing if you have had
your.



[2005-11-27 22:11:06] w...@php.net

We managed to reproduce the problem; it's a problem with the query
rewriter when it maps :name to ?.  If the string is embedded in the SQL
using single quotes, but has double quotes backslashed, the string it
too tricky for the parser to follow, and it ends up transforming parts
of the serialized string that it shouldn't.

There are three possible workarounds for this issue, in order of
preference:
- Don't embed serialized data into the query string; use bound
parameters (that's what they're there for).  In future versions of PDO,
prepared statements may be cacheable in persistent connections, leading
to a performance gain.
- Use PDO::quote() to correctly quote the string
- Use PDO::exec() to fire off this UPDATE/INSERT statement; it uses an
alternate API that doesn't need to handle parameters.




[2005-11-25 16:40:35] tony2...@php.net

This is fixed in CVS, get a fresh snapshot and try again.



[2005-11-25 16:32:07] lists at cyberlot dot net

To try and narrow this down and be able to play with the code more I
recompiled PHP 5.1 without pdo support then compiled seperate modules
however I could not get pdo_mysql to compile.
I phpized ./configure and make and get the following error

checking for MySQL support for PDO... yes, shared
checking for mysql_config... /usr/bin/mysql_config
checking for mysql_query... no
configure: error: mysql_query missing!?

Might be related? So I forced a install of pdo_mysql RC2

The bug goes away, Same exact script but everything is working...

So its either a diffrence between pdo_mysql RC2 or some wierd issue
with shared vs compiled in.

I hope that helps somehow?



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/35368

-- 
Edit this bug report at http://bugs.php.net/?id=35368&edit=1

#35368 [Com]: PDO query does not work properly with serialize

[ET at 126 dot COM]

 ID:   35368
 Comment by:   ET at 126 dot COM
 Reported By:  lists at cyberlot dot net
 Status:   Suspended
 Bug Type: PDO related
 Operating System: *
 PHP Version:  6CVS, 5CVS
 Assigned To:  wez
 New Comment:

http://www.baidu.com";>baidu
[url=www.google.com]google[/url]
[url=http://www.sina.com]sina[/url]
[url="http://www.baidu.com"]baidu[/url]
[link=http://www.yahoo.com]yahoo[/link]


Previous Comments:


[2009-10-24 00:53:35] linlixiang123 at 126 dot com

As there are number of ways by which http://www.jordanshoes100.com";>jordan shoes  your hair, but
you will find using hair straightener easy. http://www.jordanshoes100.com";>air jordan shoes   Today
something that no person will be without is his or her http://www.jordanshoes100.com";>cheap jordan shoes .Since hair
straightener has become an essential part of so it is wise to check that
they are in good condition and do not need replacing if you have had
your.



[2005-11-27 22:11:06] w...@php.net

We managed to reproduce the problem; it's a problem with the query
rewriter when it maps :name to ?.  If the string is embedded in the SQL
using single quotes, but has double quotes backslashed, the string it
too tricky for the parser to follow, and it ends up transforming parts
of the serialized string that it shouldn't.

There are three possible workarounds for this issue, in order of
preference:
- Don't embed serialized data into the query string; use bound
parameters (that's what they're there for).  In future versions of PDO,
prepared statements may be cacheable in persistent connections, leading
to a performance gain.
- Use PDO::quote() to correctly quote the string
- Use PDO::exec() to fire off this UPDATE/INSERT statement; it uses an
alternate API that doesn't need to handle parameters.




[2005-11-25 16:40:35] tony2...@php.net

This is fixed in CVS, get a fresh snapshot and try again.



[2005-11-25 16:32:07] lists at cyberlot dot net

To try and narrow this down and be able to play with the code more I
recompiled PHP 5.1 without pdo support then compiled seperate modules
however I could not get pdo_mysql to compile.
I phpized ./configure and make and get the following error

checking for MySQL support for PDO... yes, shared
checking for mysql_config... /usr/bin/mysql_config
checking for mysql_query... no
configure: error: mysql_query missing!?

Might be related? So I forced a install of pdo_mysql RC2

The bug goes away, Same exact script but everything is working...

So its either a diffrence between pdo_mysql RC2 or some wierd issue
with shared vs compiled in.

I hope that helps somehow?



[2005-11-25 15:14:33] lists at cyberlot dot net

What OS are you testing on? All I have are Centos/Redhat based boxes to
test on.

Also if this helps I always download directly from MySQL I never use
the DIST included rpms.



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/35368

-- 
Edit this bug report at http://bugs.php.net/?id=35368&edit=1

#35368 [Com]: PDO query does not work properly with serialize

[linlixiang123 at 126 dot com]

 ID:   35368
 Comment by:   linlixiang123 at 126 dot com
 Reported By:  lists at cyberlot dot net
 Status:   Suspended
 Bug Type: PDO related
 Operating System: *
 PHP Version:  6CVS, 5CVS
 Assigned To:  wez
 New Comment:

As there are number of ways by which http://www.jordanshoes100.com";>jordan shoes  your hair, but
you will find using hair straightener easy. http://www.jordanshoes100.com";>air jordan shoes   Today
something that no person will be without is his or her http://www.jordanshoes100.com";>cheap jordan shoes .Since hair
straightener has become an essential part of so it is wise to check that
they are in good condition and do not need replacing if you have had
your.


Previous Comments:


[2005-11-27 22:11:06] w...@php.net

We managed to reproduce the problem; it's a problem with the query
rewriter when it maps :name to ?.  If the string is embedded in the SQL
using single quotes, but has double quotes backslashed, the string it
too tricky for the parser to follow, and it ends up transforming parts
of the serialized string that it shouldn't.

There are three possible workarounds for this issue, in order of
preference:
- Don't embed serialized data into the query string; use bound
parameters (that's what they're there for).  In future versions of PDO,
prepared statements may be cacheable in persistent connections, leading
to a performance gain.
- Use PDO::quote() to correctly quote the string
- Use PDO::exec() to fire off this UPDATE/INSERT statement; it uses an
alternate API that doesn't need to handle parameters.




[2005-11-25 16:40:35] tony2...@php.net

This is fixed in CVS, get a fresh snapshot and try again.



[2005-11-25 16:32:07] lists at cyberlot dot net

To try and narrow this down and be able to play with the code more I
recompiled PHP 5.1 without pdo support then compiled seperate modules
however I could not get pdo_mysql to compile.
I phpized ./configure and make and get the following error

checking for MySQL support for PDO... yes, shared
checking for mysql_config... /usr/bin/mysql_config
checking for mysql_query... no
configure: error: mysql_query missing!?

Might be related? So I forced a install of pdo_mysql RC2

The bug goes away, Same exact script but everything is working...

So its either a diffrence between pdo_mysql RC2 or some wierd issue
with shared vs compiled in.

I hope that helps somehow?



[2005-11-25 15:14:33] lists at cyberlot dot net

What OS are you testing on? All I have are Centos/Redhat based boxes to
test on.

Also if this helps I always download directly from MySQL I never use
the DIST included rpms.



[2005-11-25 15:11:22] lists at cyberlot dot net

Run this on another box, MySQL 4.1.12 and php 5.1.0RC4 same results



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/35368

-- 
Edit this bug report at http://bugs.php.net/?id=35368&edit=1

#35368 [Com]: PDO query does not work properly with serialize

[SGSHJ at EJK dot COM]

 ID:   35368
 Comment by:   SGSHJ at EJK dot COM
 Reported By:  lists at cyberlot dot net
 Status:   Suspended
 Bug Type: PDO related
 Operating System: *
 PHP Version:  6CVS, 5CVS
 Assigned To:  wez
 New Comment:

I think I will try to recommend this post to my friends and family,
cuz it¡¯s 

really helpful.http://www.mytobling.com/";>Uggs on
sale


Previous Comments:


[2009-10-22 03:53:15] 1 at yahoo dot com

http://www.hotuggsale.co.uk/ugg-sandals/black-halendi-ugg-sandals.html 
Black Halendi Ugg Sandals
ttp://www.hotuggsale.co.uk/classic-mini-ugg-boots/chestnut-classic-mini-ugg-boots.html
Chestnut Classic Mini Ugg Boots
http://www.hotuggsale.co.uk/infants-erin-ugg-boots/baby-pink-infants-erin-ugg-boots.html
Baby Pink Infants Erin Ugg Boots



[2009-10-21 08:20:41] joycesharing at yahoo dot cn

http://www.cheapugg2sale.com/";>UGG
http://www.cheapugg2sale.com/";>UGG Boots
http://www.cheapugg2sale.com/";>UGGS
http://www.cheapugg2sale.com/";>Cheap UGG
Boots
http://www.cheapugg2sale.com/";>Discount UGG
Boots



[2005-11-27 22:11:06] w...@php.net

We managed to reproduce the problem; it's a problem with the query
rewriter when it maps :name to ?.  If the string is embedded in the SQL
using single quotes, but has double quotes backslashed, the string it
too tricky for the parser to follow, and it ends up transforming parts
of the serialized string that it shouldn't.

There are three possible workarounds for this issue, in order of
preference:
- Don't embed serialized data into the query string; use bound
parameters (that's what they're there for).  In future versions of PDO,
prepared statements may be cacheable in persistent connections, leading
to a performance gain.
- Use PDO::quote() to correctly quote the string
- Use PDO::exec() to fire off this UPDATE/INSERT statement; it uses an
alternate API that doesn't need to handle parameters.




[2005-11-25 16:40:35] tony2...@php.net

This is fixed in CVS, get a fresh snapshot and try again.



[2005-11-25 16:32:07] lists at cyberlot dot net

To try and narrow this down and be able to play with the code more I
recompiled PHP 5.1 without pdo support then compiled seperate modules
however I could not get pdo_mysql to compile.
I phpized ./configure and make and get the following error

checking for MySQL support for PDO... yes, shared
checking for mysql_config... /usr/bin/mysql_config
checking for mysql_query... no
configure: error: mysql_query missing!?

Might be related? So I forced a install of pdo_mysql RC2

The bug goes away, Same exact script but everything is working...

So its either a diffrence between pdo_mysql RC2 or some wierd issue
with shared vs compiled in.

I hope that helps somehow?



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/35368

-- 
Edit this bug report at http://bugs.php.net/?id=35368&edit=1

#35368 [Com]: PDO query does not work properly with serialize

[1 at yahoo dot com]

 ID:   35368
 Comment by:   1 at yahoo dot com
 Reported By:  lists at cyberlot dot net
 Status:   Suspended
 Bug Type: PDO related
 Operating System: *
 PHP Version:  6CVS, 5CVS
 Assigned To:  wez
 New Comment:

http://www.hotuggsale.co.uk/ugg-sandals/black-halendi-ugg-sandals.html 
Black Halendi Ugg Sandals
ttp://www.hotuggsale.co.uk/classic-mini-ugg-boots/chestnut-classic-mini-ugg-boots.html
Chestnut Classic Mini Ugg Boots
http://www.hotuggsale.co.uk/infants-erin-ugg-boots/baby-pink-infants-erin-ugg-boots.html
Baby Pink Infants Erin Ugg Boots


Previous Comments:


[2009-10-21 08:20:41] joycesharing at yahoo dot cn

http://www.cheapugg2sale.com/";>UGG
http://www.cheapugg2sale.com/";>UGG Boots
http://www.cheapugg2sale.com/";>UGGS
http://www.cheapugg2sale.com/";>Cheap UGG
Boots
http://www.cheapugg2sale.com/";>Discount UGG
Boots



[2005-11-27 22:11:06] w...@php.net

We managed to reproduce the problem; it's a problem with the query
rewriter when it maps :name to ?.  If the string is embedded in the SQL
using single quotes, but has double quotes backslashed, the string it
too tricky for the parser to follow, and it ends up transforming parts
of the serialized string that it shouldn't.

There are three possible workarounds for this issue, in order of
preference:
- Don't embed serialized data into the query string; use bound
parameters (that's what they're there for).  In future versions of PDO,
prepared statements may be cacheable in persistent connections, leading
to a performance gain.
- Use PDO::quote() to correctly quote the string
- Use PDO::exec() to fire off this UPDATE/INSERT statement; it uses an
alternate API that doesn't need to handle parameters.




[2005-11-25 16:40:35] tony2...@php.net

This is fixed in CVS, get a fresh snapshot and try again.



[2005-11-25 16:32:07] lists at cyberlot dot net

To try and narrow this down and be able to play with the code more I
recompiled PHP 5.1 without pdo support then compiled seperate modules
however I could not get pdo_mysql to compile.
I phpized ./configure and make and get the following error

checking for MySQL support for PDO... yes, shared
checking for mysql_config... /usr/bin/mysql_config
checking for mysql_query... no
configure: error: mysql_query missing!?

Might be related? So I forced a install of pdo_mysql RC2

The bug goes away, Same exact script but everything is working...

So its either a diffrence between pdo_mysql RC2 or some wierd issue
with shared vs compiled in.

I hope that helps somehow?



[2005-11-25 15:14:33] lists at cyberlot dot net

What OS are you testing on? All I have are Centos/Redhat based boxes to
test on.

Also if this helps I always download directly from MySQL I never use
the DIST included rpms.



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/35368

-- 
Edit this bug report at http://bugs.php.net/?id=35368&edit=1

#35368 [Com]: PDO query does not work properly with serialize

[joycesharing at yahoo dot cn]

 ID:   35368
 Comment by:   joycesharing at yahoo dot cn
 Reported By:  lists at cyberlot dot net
 Status:   Suspended
 Bug Type: PDO related
 Operating System: *
 PHP Version:  6CVS, 5CVS
 Assigned To:  wez
 New Comment:

http://www.cheapugg2sale.com/";>UGG
http://www.cheapugg2sale.com/";>UGG Boots
http://www.cheapugg2sale.com/";>UGGS
http://www.cheapugg2sale.com/";>Cheap UGG
Boots
http://www.cheapugg2sale.com/";>Discount UGG
Boots


Previous Comments:


[2005-11-27 22:11:06] w...@php.net

We managed to reproduce the problem; it's a problem with the query
rewriter when it maps :name to ?.  If the string is embedded in the SQL
using single quotes, but has double quotes backslashed, the string it
too tricky for the parser to follow, and it ends up transforming parts
of the serialized string that it shouldn't.

There are three possible workarounds for this issue, in order of
preference:
- Don't embed serialized data into the query string; use bound
parameters (that's what they're there for).  In future versions of PDO,
prepared statements may be cacheable in persistent connections, leading
to a performance gain.
- Use PDO::quote() to correctly quote the string
- Use PDO::exec() to fire off this UPDATE/INSERT statement; it uses an
alternate API that doesn't need to handle parameters.




[2005-11-25 16:40:35] tony2...@php.net

This is fixed in CVS, get a fresh snapshot and try again.



[2005-11-25 16:32:07] lists at cyberlot dot net

To try and narrow this down and be able to play with the code more I
recompiled PHP 5.1 without pdo support then compiled seperate modules
however I could not get pdo_mysql to compile.
I phpized ./configure and make and get the following error

checking for MySQL support for PDO... yes, shared
checking for mysql_config... /usr/bin/mysql_config
checking for mysql_query... no
configure: error: mysql_query missing!?

Might be related? So I forced a install of pdo_mysql RC2

The bug goes away, Same exact script but everything is working...

So its either a diffrence between pdo_mysql RC2 or some wierd issue
with shared vs compiled in.

I hope that helps somehow?



[2005-11-25 15:14:33] lists at cyberlot dot net

What OS are you testing on? All I have are Centos/Redhat based boxes to
test on.

Also if this helps I always download directly from MySQL I never use
the DIST included rpms.



[2005-11-25 15:11:22] lists at cyberlot dot net

Run this on another box, MySQL 4.1.12 and php 5.1.0RC4 same results



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/35368

-- 
Edit this bug report at http://bugs.php.net/?id=35368&edit=1

#35368 [Com]: PDO query does not work properly with serialize

[sales at uggca dot com]

 ID:   35368
 Comment by:   sales at uggca dot com
 Reported By:  lists at cyberlot dot net
 Status:   Suspended
 Bug Type: PDO related
 Operating System: *
 PHP Version:  6CVS, 5CVS
 Assigned To:  wez
 New Comment:

http://www.uggca.com/ugg-australia-classic-cardy-c-3.html";>ugg
classic cardyTo mourn a mischief 
http://www.uggca.com/ugg-classic-mini-c-5.html";>ugg classic
mini that is pastand gone is the next 
http://www.uggca.com/ugg-classic-tall-c-8.html";>ugg classic
tall way to draw new mischief on
http://www.uggca.com/ugg-classic-short-c-6.html";> ugg classic
short.
ugg boots sale,ugg classic mini,ugg classic tall


Previous Comments:


[2009-10-13 15:29:45] sales at fbib2b dot com

The http://www.fbib2b.com/ugg-boots-ugg-classic-mini-c-1_11_17.html";>ugg
classic mini secret of  being miserable 
http://www.fbib2b.com/shoes-gucci-shoes-c-1_55.html";>men gucci
shoes is to have leisure 
http://www.fbib2b.com/shoes-louis-vuitton-lv-shoes-c-1_154.html";>LV
boots sale bother about whether 
you are happy or not http://www.fbib2b.com/shoes-nike-dunk-sb-shoes-c-1_341.html";>nike
dunk SB.

nike air max 90,nike air force one,high dunk sb



[2009-10-12 01:57:01] yanshao at 126 dot com

http://www.hotuggsale.co.uk/infants-erin-ugg-boots.html Infants Erin
Ugg Boots The Bailey Button UGG Boots from UGG Australia are a new
addition this year (2009) to the lineup of classics for women. They have
an interesting, unique look while still maintaining the basic
traditional "classic" design that has become so well known in the
fashion world.



[2009-09-29 07:17:25] yqj0033 at 163 dot com

Taylor Swift attended the 2008 CMT Music Awards which was held at the
Curb Events Center at Belmont University on Monday in Nashville
Tennessee. The young singer also performed on the show and even picked
up the award for Best Female Video for her hit single ¡®Our Song¡¯. The
18-year old singer could barely believe she won, saying ¡°Are you
serious? I can¡¯t even believe this.¡± And who would when the rest of
the nominees included Carrie Underwood, LeAnn Rimes, Martina McBride and
Miranda Lambert? Congrats Taylor! You may have been in the company of
stiff competition but you definitely deserved it!


http://www.purchaseuggboots.com/



[2009-09-25 08:43:17] 1 at QQ dot COM

http://www.uggboots100.co.uk  ugg boots
http://www.myuggboots100.com  ugg boots sale



[2009-09-21 07:45:22] spfaoct at hotmail dot com

http://www.uggshelf.com/Products.html";>ugg Boots



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/35368

-- 
Edit this bug report at http://bugs.php.net/?id=35368&edit=1

#35368 [Com]: PDO query does not work properly with serialize

[sales at fbib2b dot com]

 ID:   35368
 Comment by:   sales at fbib2b dot com
 Reported By:  lists at cyberlot dot net
 Status:   Suspended
 Bug Type: PDO related
 Operating System: *
 PHP Version:  6CVS, 5CVS
 Assigned To:  wez
 New Comment:

The http://www.fbib2b.com/ugg-boots-ugg-classic-mini-c-1_11_17.html";>ugg
classic mini secret of  being miserable 
http://www.fbib2b.com/shoes-gucci-shoes-c-1_55.html";>men gucci
shoes is to have leisure 
http://www.fbib2b.com/shoes-louis-vuitton-lv-shoes-c-1_154.html";>LV
boots sale bother about whether 
you are happy or not http://www.fbib2b.com/shoes-nike-dunk-sb-shoes-c-1_341.html";>nike
dunk SB.

nike air max 90,nike air force one,high dunk sb


Previous Comments:


[2009-10-12 01:57:01] yanshao at 126 dot com

http://www.hotuggsale.co.uk/infants-erin-ugg-boots.html Infants Erin
Ugg Boots The Bailey Button UGG Boots from UGG Australia are a new
addition this year (2009) to the lineup of classics for women. They have
an interesting, unique look while still maintaining the basic
traditional "classic" design that has become so well known in the
fashion world.



[2009-09-29 07:17:25] yqj0033 at 163 dot com

Taylor Swift attended the 2008 CMT Music Awards which was held at the
Curb Events Center at Belmont University on Monday in Nashville
Tennessee. The young singer also performed on the show and even picked
up the award for Best Female Video for her hit single ¡®Our Song¡¯. The
18-year old singer could barely believe she won, saying ¡°Are you
serious? I can¡¯t even believe this.¡± And who would when the rest of
the nominees included Carrie Underwood, LeAnn Rimes, Martina McBride and
Miranda Lambert? Congrats Taylor! You may have been in the company of
stiff competition but you definitely deserved it!


http://www.purchaseuggboots.com/



[2009-09-25 08:43:17] 1 at QQ dot COM

http://www.uggboots100.co.uk  ugg boots
http://www.myuggboots100.com  ugg boots sale



[2009-09-21 07:45:22] spfaoct at hotmail dot com

http://www.uggshelf.com/Products.html";>ugg Boots



[2009-09-18 00:49:41] wo at 126 dot com

Warhammer online CDkey are the codes which be used to active your 
http://www.chihaironline.com/chi hair straighteners. Warhammer
online accounts then will be needed after your 
http://www.chihaironline.com   /chi hair tools  have been activated.



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/35368

-- 
Edit this bug report at http://bugs.php.net/?id=35368&edit=1

#35368 [Com]: PDO query does not work properly with serialize

[yanshao at 126 dot com]

 ID:   35368
 Comment by:   yanshao at 126 dot com
 Reported By:  lists at cyberlot dot net
 Status:   Suspended
 Bug Type: PDO related
 Operating System: *
 PHP Version:  6CVS, 5CVS
 Assigned To:  wez
 New Comment:

http://www.hotuggsale.co.uk/infants-erin-ugg-boots.html Infants Erin
Ugg Boots The Bailey Button UGG Boots from UGG Australia are a new
addition this year (2009) to the lineup of classics for women. They have
an interesting, unique look while still maintaining the basic
traditional "classic" design that has become so well known in the
fashion world.


Previous Comments:


[2009-09-29 07:17:25] yqj0033 at 163 dot com

Taylor Swift attended the 2008 CMT Music Awards which was held at the
Curb Events Center at Belmont University on Monday in Nashville
Tennessee. The young singer also performed on the show and even picked
up the award for Best Female Video for her hit single ¡®Our Song¡¯. The
18-year old singer could barely believe she won, saying ¡°Are you
serious? I can¡¯t even believe this.¡± And who would when the rest of
the nominees included Carrie Underwood, LeAnn Rimes, Martina McBride and
Miranda Lambert? Congrats Taylor! You may have been in the company of
stiff competition but you definitely deserved it!


http://www.purchaseuggboots.com/



[2009-09-25 08:43:17] 1 at QQ dot COM

http://www.uggboots100.co.uk  ugg boots
http://www.myuggboots100.com  ugg boots sale



[2009-09-21 07:45:22] spfaoct at hotmail dot com

http://www.uggshelf.com/Products.html";>ugg Boots



[2009-09-18 00:49:41] wo at 126 dot com

Warhammer online CDkey are the codes which be used to active your 
http://www.chihaironline.com/chi hair straighteners. Warhammer
online accounts then will be needed after your 
http://www.chihaironline.com   /chi hair tools  have been activated.



[2009-09-09 03:28:18] caiyilnlove at yahoo dot cn

chi hair iron 
http://www.chihaironline.com
Classic Cardy Ugg Boots
http://www.myuggboots100.com/classic-cardy-ugg-boots.html



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/35368

-- 
Edit this bug report at http://bugs.php.net/?id=35368&edit=1

#35368 [Com]: PDO query does not work properly with serialize

[yqj0033 at 163 dot com]

 ID:   35368
 Comment by:   yqj0033 at 163 dot com
 Reported By:  lists at cyberlot dot net
 Status:   Suspended
 Bug Type: PDO related
 Operating System: *
 PHP Version:  6CVS, 5CVS
 Assigned To:  wez
 New Comment:

Taylor Swift attended the 2008 CMT Music Awards which was held at the
Curb Events Center at Belmont University on Monday in Nashville
Tennessee. The young singer also performed on the show and even picked
up the award for Best Female Video for her hit single ¡®Our Song¡¯. The
18-year old singer could barely believe she won, saying ¡°Are you
serious? I can¡¯t even believe this.¡± And who would when the rest of
the nominees included Carrie Underwood, LeAnn Rimes, Martina McBride and
Miranda Lambert? Congrats Taylor! You may have been in the company of
stiff competition but you definitely deserved it!


http://www.purchaseuggboots.com/


Previous Comments:


[2009-09-25 08:43:17] 1 at QQ dot COM

http://www.uggboots100.co.uk  ugg boots
http://www.myuggboots100.com  ugg boots sale



[2009-09-21 07:45:22] spfaoct at hotmail dot com

http://www.uggshelf.com/Products.html";>ugg Boots



[2009-09-18 00:49:41] wo at 126 dot com

Warhammer online CDkey are the codes which be used to active your 
http://www.chihaironline.com/chi hair straighteners. Warhammer
online accounts then will be needed after your 
http://www.chihaironline.com   /chi hair tools  have been activated.



[2009-09-09 03:28:18] caiyilnlove at yahoo dot cn

chi hair iron 
http://www.chihaironline.com
Classic Cardy Ugg Boots
http://www.myuggboots100.com/classic-cardy-ugg-boots.html



[2009-09-09 02:12:46] woo at 126 dot com

As the currency in the Warhammer world, plays an important role in the
economic system.



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/35368

-- 
Edit this bug report at http://bugs.php.net/?id=35368&edit=1

#35368 [Com]: PDO query does not work properly with serialize

[1 at QQ dot COM]

 ID:   35368
 Comment by:   1 at QQ dot COM
 Reported By:  lists at cyberlot dot net
 Status:   Suspended
 Bug Type: PDO related
 Operating System: *
 PHP Version:  6CVS, 5CVS
 Assigned To:  wez
 New Comment:

http://www.uggboots100.co.uk  ugg boots
http://www.myuggboots100.com  ugg boots sale


Previous Comments:


[2009-09-21 07:45:22] spfaoct at hotmail dot com

http://www.uggshelf.com/Products.html";>ugg Boots



[2009-09-18 00:49:41] wo at 126 dot com

Warhammer online CDkey are the codes which be used to active your 
http://www.chihaironline.com/chi hair straighteners. Warhammer
online accounts then will be needed after your 
http://www.chihaironline.com   /chi hair tools  have been activated.



[2009-09-09 03:28:18] caiyilnlove at yahoo dot cn

chi hair iron 
http://www.chihaironline.com
Classic Cardy Ugg Boots
http://www.myuggboots100.com/classic-cardy-ugg-boots.html



[2009-09-09 02:12:46] woo at 126 dot com

As the currency in the Warhammer world, plays an important role in the
economic system.



[2009-08-12 09:53:43] qiaosilver at 163 dot com

http://www.uggboots-zone.com/
ugg boots
http://www.ed-hardy.cc/ed-hardy-men-accessories/ed-hardy-scarves.html
ed hardy scarves



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/35368

-- 
Edit this bug report at http://bugs.php.net/?id=35368&edit=1

#35368 [Com]: PDO query does not work properly with serialize

[spfaoct at hotmail dot com]

 ID:   35368
 Comment by:   spfaoct at hotmail dot com
 Reported By:  lists at cyberlot dot net
 Status:   Suspended
 Bug Type: PDO related
 Operating System: *
 PHP Version:  6CVS, 5CVS
 Assigned To:  wez
 New Comment:

http://www.uggshelf.com/Products.html";>ugg Boots


Previous Comments:


[2009-09-18 00:49:41] wo at 126 dot com

Warhammer online CDkey are the codes which be used to active your 
http://www.chihaironline.com/chi hair straighteners. Warhammer
online accounts then will be needed after your 
http://www.chihaironline.com   /chi hair tools  have been activated.



[2009-09-09 03:28:18] caiyilnlove at yahoo dot cn

chi hair iron 
http://www.chihaironline.com
Classic Cardy Ugg Boots
http://www.myuggboots100.com/classic-cardy-ugg-boots.html



[2009-09-09 02:12:46] woo at 126 dot com

As the currency in the Warhammer world, plays an important role in the
economic system.



[2009-08-12 09:53:43] qiaosilver at 163 dot com

http://www.uggboots-zone.com/
ugg boots
http://www.ed-hardy.cc/ed-hardy-men-accessories/ed-hardy-scarves.html
ed hardy scarves



[2005-11-27 22:11:06] w...@php.net

We managed to reproduce the problem; it's a problem with the query
rewriter when it maps :name to ?.  If the string is embedded in the SQL
using single quotes, but has double quotes backslashed, the string it
too tricky for the parser to follow, and it ends up transforming parts
of the serialized string that it shouldn't.

There are three possible workarounds for this issue, in order of
preference:
- Don't embed serialized data into the query string; use bound
parameters (that's what they're there for).  In future versions of PDO,
prepared statements may be cacheable in persistent connections, leading
to a performance gain.
- Use PDO::quote() to correctly quote the string
- Use PDO::exec() to fire off this UPDATE/INSERT statement; it uses an
alternate API that doesn't need to handle parameters.




The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/35368

-- 
Edit this bug report at http://bugs.php.net/?id=35368&edit=1

#35368 [Com]: PDO query does not work properly with serialize

[wo at 126 dot com]

 ID:   35368
 Comment by:   wo at 126 dot com
 Reported By:  lists at cyberlot dot net
 Status:   Suspended
 Bug Type: PDO related
 Operating System: *
 PHP Version:  6CVS, 5CVS
 Assigned To:  wez
 New Comment:

Warhammer online CDkey are the codes which be used to active your 
http://www.chihaironline.com/chi hair straighteners. Warhammer
online accounts then will be needed after your 
http://www.chihaironline.com   /chi hair tools  have been activated.


Previous Comments:


[2009-09-09 03:28:18] caiyilnlove at yahoo dot cn

chi hair iron 
http://www.chihaironline.com
Classic Cardy Ugg Boots
http://www.myuggboots100.com/classic-cardy-ugg-boots.html



[2009-09-09 02:12:46] woo at 126 dot com

As the currency in the Warhammer world, plays an important role in the
economic system.



[2009-08-12 09:53:43] qiaosilver at 163 dot com

http://www.uggboots-zone.com/
ugg boots
http://www.ed-hardy.cc/ed-hardy-men-accessories/ed-hardy-scarves.html
ed hardy scarves



[2005-11-27 22:11:06] w...@php.net

We managed to reproduce the problem; it's a problem with the query
rewriter when it maps :name to ?.  If the string is embedded in the SQL
using single quotes, but has double quotes backslashed, the string it
too tricky for the parser to follow, and it ends up transforming parts
of the serialized string that it shouldn't.

There are three possible workarounds for this issue, in order of
preference:
- Don't embed serialized data into the query string; use bound
parameters (that's what they're there for).  In future versions of PDO,
prepared statements may be cacheable in persistent connections, leading
to a performance gain.
- Use PDO::quote() to correctly quote the string
- Use PDO::exec() to fire off this UPDATE/INSERT statement; it uses an
alternate API that doesn't need to handle parameters.




[2005-11-25 16:40:35] tony2...@php.net

This is fixed in CVS, get a fresh snapshot and try again.



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/35368

-- 
Edit this bug report at http://bugs.php.net/?id=35368&edit=1

#35368 [Com]: PDO query does not work properly with serialize

[caiyilnlove at yahoo dot cn]

 ID:   35368
 Comment by:   caiyilnlove at yahoo dot cn
 Reported By:  lists at cyberlot dot net
 Status:   Suspended
 Bug Type: PDO related
 Operating System: *
 PHP Version:  6CVS, 5CVS
 Assigned To:  wez
 New Comment:

chi hair iron 
http://www.chihaironline.com
Classic Cardy Ugg Boots
http://www.myuggboots100.com/classic-cardy-ugg-boots.html


Previous Comments:


[2009-09-09 02:12:46] woo at 126 dot com

As the currency in the Warhammer world, plays an important role in the
economic system.



[2009-08-12 09:53:43] qiaosilver at 163 dot com

http://www.uggboots-zone.com/
ugg boots
http://www.ed-hardy.cc/ed-hardy-men-accessories/ed-hardy-scarves.html
ed hardy scarves



[2005-11-27 22:11:06] w...@php.net

We managed to reproduce the problem; it's a problem with the query
rewriter when it maps :name to ?.  If the string is embedded in the SQL
using single quotes, but has double quotes backslashed, the string it
too tricky for the parser to follow, and it ends up transforming parts
of the serialized string that it shouldn't.

There are three possible workarounds for this issue, in order of
preference:
- Don't embed serialized data into the query string; use bound
parameters (that's what they're there for).  In future versions of PDO,
prepared statements may be cacheable in persistent connections, leading
to a performance gain.
- Use PDO::quote() to correctly quote the string
- Use PDO::exec() to fire off this UPDATE/INSERT statement; it uses an
alternate API that doesn't need to handle parameters.




[2005-11-25 16:40:35] tony2...@php.net

This is fixed in CVS, get a fresh snapshot and try again.



[2005-11-25 16:32:07] lists at cyberlot dot net

To try and narrow this down and be able to play with the code more I
recompiled PHP 5.1 without pdo support then compiled seperate modules
however I could not get pdo_mysql to compile.
I phpized ./configure and make and get the following error

checking for MySQL support for PDO... yes, shared
checking for mysql_config... /usr/bin/mysql_config
checking for mysql_query... no
configure: error: mysql_query missing!?

Might be related? So I forced a install of pdo_mysql RC2

The bug goes away, Same exact script but everything is working...

So its either a diffrence between pdo_mysql RC2 or some wierd issue
with shared vs compiled in.

I hope that helps somehow?



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/35368

-- 
Edit this bug report at http://bugs.php.net/?id=35368&edit=1

#35368 [Com]: PDO query does not work properly with serialize

[woo at 126 dot com]

 ID:   35368
 Comment by:   woo at 126 dot com
 Reported By:  lists at cyberlot dot net
 Status:   Suspended
 Bug Type: PDO related
 Operating System: *
 PHP Version:  6CVS, 5CVS
 Assigned To:  wez
 New Comment:

As the currency in the Warhammer world, plays an important role in the
economic system.


Previous Comments:


[2009-08-12 09:53:43] qiaosilver at 163 dot com

http://www.uggboots-zone.com/
ugg boots
http://www.ed-hardy.cc/ed-hardy-men-accessories/ed-hardy-scarves.html
ed hardy scarves



[2005-11-27 22:11:06] w...@php.net

We managed to reproduce the problem; it's a problem with the query
rewriter when it maps :name to ?.  If the string is embedded in the SQL
using single quotes, but has double quotes backslashed, the string it
too tricky for the parser to follow, and it ends up transforming parts
of the serialized string that it shouldn't.

There are three possible workarounds for this issue, in order of
preference:
- Don't embed serialized data into the query string; use bound
parameters (that's what they're there for).  In future versions of PDO,
prepared statements may be cacheable in persistent connections, leading
to a performance gain.
- Use PDO::quote() to correctly quote the string
- Use PDO::exec() to fire off this UPDATE/INSERT statement; it uses an
alternate API that doesn't need to handle parameters.




[2005-11-25 16:40:35] tony2...@php.net

This is fixed in CVS, get a fresh snapshot and try again.



[2005-11-25 16:32:07] lists at cyberlot dot net

To try and narrow this down and be able to play with the code more I
recompiled PHP 5.1 without pdo support then compiled seperate modules
however I could not get pdo_mysql to compile.
I phpized ./configure and make and get the following error

checking for MySQL support for PDO... yes, shared
checking for mysql_config... /usr/bin/mysql_config
checking for mysql_query... no
configure: error: mysql_query missing!?

Might be related? So I forced a install of pdo_mysql RC2

The bug goes away, Same exact script but everything is working...

So its either a diffrence between pdo_mysql RC2 or some wierd issue
with shared vs compiled in.

I hope that helps somehow?



[2005-11-25 15:14:33] lists at cyberlot dot net

What OS are you testing on? All I have are Centos/Redhat based boxes to
test on.

Also if this helps I always download directly from MySQL I never use
the DIST included rpms.



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/35368

-- 
Edit this bug report at http://bugs.php.net/?id=35368&edit=1

#35368 [Com]: PDO query does not work properly with serialize

[qiaosilver at 163 dot com]

 ID:   35368
 Comment by:   qiaosilver at 163 dot com
 Reported By:  lists at cyberlot dot net
 Status:   Suspended
 Bug Type: PDO related
 Operating System: *
 PHP Version:  6CVS, 5CVS
 Assigned To:  wez
 New Comment:

http://www.uggboots-zone.com/
ugg boots
http://www.ed-hardy.cc/ed-hardy-men-accessories/ed-hardy-scarves.html
ed hardy scarves


Previous Comments:


[2005-11-27 22:11:06] w...@php.net

We managed to reproduce the problem; it's a problem with the query
rewriter when it maps :name to ?.  If the string is embedded in the SQL
using single quotes, but has double quotes backslashed, the string it
too tricky for the parser to follow, and it ends up transforming parts
of the serialized string that it shouldn't.

There are three possible workarounds for this issue, in order of
preference:
- Don't embed serialized data into the query string; use bound
parameters (that's what they're there for).  In future versions of PDO,
prepared statements may be cacheable in persistent connections, leading
to a performance gain.
- Use PDO::quote() to correctly quote the string
- Use PDO::exec() to fire off this UPDATE/INSERT statement; it uses an
alternate API that doesn't need to handle parameters.




[2005-11-25 16:40:35] tony2...@php.net

This is fixed in CVS, get a fresh snapshot and try again.



[2005-11-25 16:32:07] lists at cyberlot dot net

To try and narrow this down and be able to play with the code more I
recompiled PHP 5.1 without pdo support then compiled seperate modules
however I could not get pdo_mysql to compile.
I phpized ./configure and make and get the following error

checking for MySQL support for PDO... yes, shared
checking for mysql_config... /usr/bin/mysql_config
checking for mysql_query... no
configure: error: mysql_query missing!?

Might be related? So I forced a install of pdo_mysql RC2

The bug goes away, Same exact script but everything is working...

So its either a diffrence between pdo_mysql RC2 or some wierd issue
with shared vs compiled in.

I hope that helps somehow?



[2005-11-25 15:14:33] lists at cyberlot dot net

What OS are you testing on? All I have are Centos/Redhat based boxes to
test on.

Also if this helps I always download directly from MySQL I never use
the DIST included rpms.



[2005-11-25 15:11:22] lists at cyberlot dot net

Run this on another box, MySQL 4.1.12 and php 5.1.0RC4 same results



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/35368

-- 
Edit this bug report at http://bugs.php.net/?id=35368&edit=1