PHP :: Bug #52885 :: PDO_DBLIB does not properly quote char(0)

Bug #52885	PDO_DBLIB does not properly quote char(0)
Submitted:	2010-09-19 02:34 UTC	Modified:	2014-01-01 12:48 UTC
From:	ssufficool@php.net	Assigned:
Status:	Closed	Package:	PDO DBlib
PHP Version:	5.3SVN-2010-09-19 (SVN)	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	ssufficool@php.net
New email:
PHP Version:		OS:

New Comment:

[2010-09-19 02:34 UTC] ssufficool@php.net

Description:
------------
When using bound parameter with char(0), the parameter is truncated. This is a possible SQL injection flaw in the dblib quote implementation.

Test script:
---------------
$stmt = $pdo->prepare("insert into test(image_field) values(?)");
$blob = file_get_contents("test.jpg");
$stmt->execute(array($blob));

Expected result:
----------------
No error

Actual result:
--------------
invalid statement due to truncation of ASCIIZ string in dblib_handle_quoter

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2010-09-21 01:04 UTC] ssufficool at gmail dot com

There is a larger issue here to do with unicode code page conversions and the such.

What really needs to be done is to implement the native dblib parameter bindings to stop the encoding of all parameters as strings which are then interpreted by iconv to the server charset which may not suport the full range of characters from 0-255.

[2014-01-01 12:48 UTC] felipe@php.net

-Package: PDO related +Package: PDO DBlib

[2014-10-25 03:15 UTC] ssufficool@php.net

Automatic comment on behalf of ssufficool
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a1a18fca6e2a1690ea113dc2ebe0e7d22fdc71a0
Log: Fixed Bug #52885 - PDO_DBLIB: Binary data may be truncated

[2014-10-25 03:15 UTC] ssufficool@php.net

-Status: Open +Status: Closed

[2014-11-18 20:34 UTC] ab@php.net

Automatic comment on behalf of ssufficool
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a1a18fca6e2a1690ea113dc2ebe0e7d22fdc71a0
Log: Fixed Bug #52885 - PDO_DBLIB: Binary data may be truncated

[2016-07-05 05:39 UTC] chris dot kingslynne at gmail dot com

Hi,

This change has completely broken Unicode _text_ support in pdo_dblib using FreeTDS.  This change causes binary encoded UTF-8 data to be sent to the backend that only accepts UTF-16.  It is quite incompatible with PHP 5.5 behaviour and a major BC break!

Can we please discuss reverting this change?

Chris

[2016-07-20 11:40 UTC] davey@php.net

Automatic comment on behalf of ssufficool
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a1a18fca6e2a1690ea113dc2ebe0e7d22fdc71a0
Log: Fixed Bug #52885 - PDO_DBLIB: Binary data may be truncated

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Oct 27 14:00:01 2025 UTC