php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #45377 pg_escape_bytea + pg_query_params -> malformed data
Submitted: 2008-06-27 14:50 UTC Modified: 2009-03-21 01:00 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:2 (66.7%)
From: kk219459 at students dot mimuw dot edu dot pl Assigned:
Status: No Feedback Package: PostgreSQL related
PHP Version: 5.2CVS-2008-10-25 OS: *
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: kk219459 at students dot mimuw dot edu dot pl
New email:
PHP Version: OS:

 

 [2008-06-27 14:50 UTC] kk219459 at students dot mimuw dot edu dot pl
Description:
------------
OpenBSD 4.1
Apache/1.3.29
php5-core-5.1.6p1
postgresql-client-8.2.4

I want to insert some binary data to a table.

$q = "UPDATE tbl SET data = decode($1, 'base64') WHERE id = $2";
$params = array(base64_encode('binary string'), 123);
$res = pg_query_params($q, $params);

OK

$q = "UPDATE tbl SET data = $1::bytea WHERE id = $2";
$params = array('binary string', 123);
$res = pg_query_params($q, $params);

ERROR: invalid byte sequence for encoding "UTF8": 0x89 HINT: This error can also happen if the byte sequence does not match the encoding expected by the server, which is controlled by "client_encoding".

This could possibly work, but does not. Ok, not a problem.

(end of introduction)


Reproduce code:
---------------
# first
$q = "UPDATE tbl SET data = decode($1, 'escape') WHERE id = $2";
$params = array(pg_escape_bytea('binary string'), 123);
$res = pg_query_params($q, $params);

# second
$q = "UPDATE tbl SET data = $1::bytea WHERE id = $2";
$params = array(pg_escape_bytea('binary string'), 123);
$res = pg_query_params($q, $params);


Expected result:
----------------
Be sure to replace 'binary string' with something more challenging!

At least one of these should work (insert the data correctly)


Actual result:
--------------
Both approaches give the same result.

The data gets loaded, but incorrectly.
select length(data) from tbl; -- too large
data contains character sequences like '\000' instead of their values.

btw.
select content = decode(encode(data, 'escape'), 'escape') from tbl; -- works (sequence of TRUEs)


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-10-26 13:06 UTC] kk219459 at students dot mimuw dot edu dot pl
The bug was reproduced on php5.2-200810251430 (Linux 2.6.26), 5.2.7RC3-dev
 [2009-03-13 13:35 UTC] jani@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/


 [2009-03-21 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 19:01:30 2024 UTC