Bug #52371 Bug related to serialisation session and store in database postgresql 8.4
Submitted: 2010-07-18 20:49 UTC Modified: 2010-07-18 22:11 UTC
From: contact at albatros-info dot fr Assigned:
Status: Not a bug Package: Session related
PHP Version: 5.3.2 OS: Ubuntu 10.04 LTS
Private report: No CVE-ID: None
 [2010-07-18 20:49 UTC] contact at albatros-info dot fr
Description:
------------
I've a class test

<?php
class test{
protected $die = true;
}
?>

Plus I've many values in $_SESSION.

I use session_set_save_handler to declare session storage in the database,
and when PHP calls write from my session class:
	
public function write ($sid, $data){ // write
		$debug = false;
		$expire = intval(time() + $this->session_life);
		$data = $this->db->dbh->quote($data); 
		$sql = "INSERT INTO session VALUES('$sid',$data,'$expire')";
NB: $data is not protected by ' because the quote function does it.

First I declare many values in $_SESSION, I serialize my object (an instance of test), and I launch the program. When the program writes the session data to the database,
at this moment, if I display the $data parameter from write, I can read:
.....ivraison";s:6:"�*�die";b:0;s:18:................
and when PHP stores it in my database I obtain:
.....ivraison";s:6:" 
So the PDO quote function truncates the data. If I comment out the quote line and change my SQL to
$sql = "INSERT INTO session VALUES('$sid','$data','$expire')"; // I add the protecting ' to field $data
I obtain an SQL error,
because Postgres doesn't find the protecting terminator ' because of the char �.
Postgres works in UTF-8 and the $data parameter of write is in UTF-8 too.
Sure, because Postgres would cause another error type (encoding error).
If I change protected or private (because these 2 cases trigger this error) to public, the $data parameter from write is equal to the data stored in the database and my program is OK.




Test script:
---------------
No code, because it's difficult to transcribe this case in 20 lines and I must also post the database schema.
Just create a schema in the database to collect session data. Create a session_set_save_handler to write the session to the database.
Create a class like my test class, serialize it, declare $_SESSION['test'] = serialize([instance of test])
and write the session.
I have no test in MySQL.


 [2010-07-18 22:11 UTC] johannes@php.net
-Status: Open +Status: Bogus
 [2010-07-18 22:11 UTC] johannes@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

The serialized data contains a 0-byte, you have to use binary-safe encoding and access methods.
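
One way to follow the advice in the reply above, as an added example that is not part of the original report or of PHP itself: a session handler that base64-encodes the serialized payload and binds every value through prepared statements, so the NUL bytes in protected and private property names survive the round trip. The table layout session(sid, data, expire) with a text data column, the class name DbSessionHandler and the 1440-second lifetime are assumptions; it needs PHP 8 and PDO in exception mode.

```php
<?php
// Added example: binary-safe session storage (assumed table: session(sid, data, expire)).
final class DbSessionHandler implements SessionHandlerInterface
{
    public function __construct(private PDO $dbh, private int $life = 1440) {}

    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }

    public function read(string $id): string|false
    {
        $st = $this->dbh->prepare(
            'SELECT data FROM session WHERE sid = ? AND expire > ?');
        $st->execute([$id, time()]);
        $row = $st->fetchColumn();
        // Decode back to the raw payload, NUL bytes included.
        return $row === false ? '' : (string) base64_decode($row, true);
    }

    public function write(string $id, string $data): bool
    {
        // $data can contain "\0" (protected/private property names), so it is
        // base64-encoded for the text column and bound, never quoted inline.
        $this->dbh->prepare('DELETE FROM session WHERE sid = ?')->execute([$id]);
        $st = $this->dbh->prepare(
            'INSERT INTO session (sid, data, expire) VALUES (?, ?, ?)');
        return $st->execute([$id, base64_encode($data), time() + $this->life]);
    }

    public function destroy(string $id): bool
    {
        return $this->dbh->prepare('DELETE FROM session WHERE sid = ?')
                         ->execute([$id]);
    }

    public function gc(int $max_lifetime): int|false
    {
        $st = $this->dbh->prepare('DELETE FROM session WHERE expire < ?');
        $st->execute([time()]);
        return $st->rowCount();
    }
}

// Constructed sample: the class from the report, serialized and round-tripped.
class test { protected $die = true; }
$raw = serialize(new test());                 // property key is "\0*\0die"
var_dump(str_contains($raw, "\0"));           // payload is binary, not text
var_dump(base64_decode(base64_encode($raw), true) === $raw);
```

Register it with session_set_save_handler(new DbSessionHandler($pdo), true) before session_start(); a bytea column bound with PDO::PARAM_LOB is the alternative to base64 when the raw bytes should be stored as-is.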
 