php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #72124 pg_convert prefixes UUIDs with escape string constant
Submitted: 2016-04-28 18:43 UTC Modified: 2021-01-08 14:43 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: me at nonrandom dot it Assigned:
Status: Verified Package: PostgreSQL related
PHP Version: 7.4 OS: Centos 6.7
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: me at nonrandom dot it
New email:
PHP Version: OS:

 

 [2016-04-28 18:43 UTC] me at nonrandom dot it 
Description:
------------
---
From manual page: http://www.php.net/function.pg-convert
---

Using pg_convert along with pg_query_params and having a value of UUID among the values being converted generates an error:

Warning:  pg_query_params(): Query failed: ERROR:  invalid input syntax for uuid: "E'7d9c76e4-0278-11e6-a626-000c2917e56a'"

It would seem that pg_convert is prefixing an escape string constant to UUIDs, and that is possibly causing the issue.

I was using pg_convert to get around boolean falses becoming empty strings, but ended up using something else when I ran across this.


Test script:
---------------
CREATE TABLE public.test_uuid(
	id uuid
);

$db = pg_connect('host=localhost port=5432 dbname=public user=postgres password=1234');

$sql = 'insert into public.test_uuid (id) values ($1)';

$values = array('id' => '7d9c76e4-0278-11e6-a626-000c2917e56a');

pg_covert($db, 'test_uuid', $values);

pg_query_params($db, $sql, $values);

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-01-08 14:43 UTC] cmb@php.net
-Status: Open +Status: Verified -PHP Version: 5.6.21RC1 +PHP Version: 7.4
 [2021-01-08 14:43 UTC] cmb@php.net 
The problem is that PHP doesn't explicitly support uuid[1], and as
such treats it as PG_UNKNOWN so that it is converted to an escape
string.

[1] <https://github.com/php/php-src/blob/8b2b8563ef2e9e42e4d03752556131abd501b3ae/ext/pgsql/php_pgsql.h#L203-L247>
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 19:01:29 2024 UTC