PHP :: Bug #36867 :: sqlite_escape_string on '' or null returns wrong value

Bug #36867	sqlite_escape_string on '' or null returns wrong value
Submitted:	2006-03-27 02:30 UTC	Modified:	2006-03-27 09:51 UTC
From:	mpb dot mail at gmail dot com	Assigned:
Status:	Closed	Package:	SQLite related
PHP Version:	4.4.2	OS:	FreeBSD 4.x
Private report:	No	CVE-ID:	None

View Developer Edit

[2006-03-27 02:30 UTC] mpb dot mail at gmail dot com

Description:
------------
sqlite_escape_string on '' (the empty string) or null returns the wrong value.

I would guess that:

sqlite_escape_string ('') should return '',

and

sqlite_escape_string (null) should return null.

Additionally, you can see that what sqlite_escape_string actually does return in these cases is a mangled version of the previous non-null input string.

This bug appears to have been fixed in PHP5, but not yet in PHP4.
http://bugs.php.net/bug.php?id=29339
http://bugs.php.net/bug.php?id=29395

Reproduce code:
---------------
<?php

print bin2hex (sqlite_escape_string ('xxx')). "\n";
print bin2hex (sqlite_escape_string ('')).    "\n";
print bin2hex (sqlite_escape_string (null)).  "\n";
print "done\n";

?>


Expected result:
----------------
787878


done


Actual result:
--------------
787878
ac7878
ac7878
done

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-03-27 04:18 UTC] scottmacvicar at ntlworld dot com

This was fixed in the PECL CVS there just happens to have been no release since the bug was fixed.

Last release was 18th July 2004, the bug was fixed 27th July 2004.

If you compile a CVS copy it will work fine.

Perhaps Wez can make another release.

[2006-03-27 09:51 UTC] tony2001@php.net

Works fine -> closed.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Oct 30 12:00:01 2025 UTC