PHP :: Bug #959 :: Magic Quotes in Oracle (replaces bug 957)

Bug #959	Magic Quotes in Oracle (replaces bug 957)
Submitted:	1998-11-30 06:23 UTC	Modified:	1998-11-30 10:53 UTC
From:	drew at elysium dot demon dot co dot uk	Assigned:
Status:	Closed	Package:	Oracle related
PHP Version:	3.0.5	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	drew at elysium dot demon dot co dot uk
New email:
PHP Version:		OS:

New Comment:

[1998-11-30 06:23 UTC] drew at elysium dot demon dot co dot uk

Oops - I had the args the wrong way round in the strstr calls !!  Heres the newer version (bug 957's patch is wrong) :-

When constructing a query for Oracle containing user supplied values ora_Parse will break if the user entered a value containing a ' such seaching an Oracle database for occurences of Bill's House.  PHP quotes the single ' in the variable containg the search criteria with a \ (it becomes Bill\' House), oracle needs single a single quote to be quoted with another ' (it should be Bill''s House).  The following patch will change a PHP quoted \' to a '' for submission to the Oracle SQL parse function.

--- oracle.c.orig       Mon Oct  5 01:22:29 1998
+++ oracle.c    Mon Nov 30 11:19:25 1998
@@ -709,7 +709,7 @@
        pval *argv[3];
        oraCursor *cursor;
        sword defer = 0;
-       text *query;
+       text *query, *quote;
 
        argc = ARG_COUNT(ht);
        if ((argc != 2 && argc != 3) || getParametersArray(ht, argc, argv) == FAILURE) {
@@ -738,6 +738,11 @@
        if (cursor->query) {
                efree(cursor->query);
        }
+
+       quote = query;
+       while ((quote = strstr(quote, "\\\'")) != NULL)
+               *quote = '\'';
+
        cursor->query = query;
        cursor->fetched = 0;
        if(cursor->params && cursor->nparams > 0){
@@ -925,7 +930,7 @@
        pval *argv[2];
        oraConnection *conn = NULL;
        oraCursor *cursor = NULL;
-       text *query;
+       text *query, *quote;
 
        if (ARG_COUNT(ht) != 2 || getParametersArray(ht, 2, argv) == FAILURE) {
                WRONG_PARAM_COUNT;
@@ -962,8 +967,12 @@
                RETURN_FALSE;
        }
        cursor->open = 1;
-       cursor->conn_ptr = conn;
-
+       cursor->conn_ptr = conn;
+
+       quote = query;
+       while ((quote = strstr(quote, "\\\'")) != NULL)
+               *quote = '\'';
+
        /* Prepare stmt */
 
        if (oparse(&cursor->cda, query, (sb4) - 1, 1, VERSION_7)){

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[1998-11-30 10:53 UTC] rasmus

Again, the correct fix for this is to simply turn on magic_quotes_sybase

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Feb 05 12:01:32 2025 UTC