php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #21356 LOAD DATA issue
Submitted: 2003-01-02 16:46 UTC Modified: 2003-04-24 04:16 UTC
Votes:16
Avg. Score:4.9 ± 0.5
Reproduced:16 of 16 (100.0%)
Same Version:11 (68.8%)
Same OS:6 (37.5%)
From: michael at tapinternet dot com Assigned:
Status: Wont fix Package: MySQL related
PHP Version: 4.3.0 OS: Slackware
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2003-01-02 16:46 UTC] michael at tapinternet dot com
PHP 4.2.1 and MySQL system set up allowed users using the phpMyAdmin system to use the LOAD DATA INFILE functionality.  ONLY thing changed was upgrading to PHP 4.3, and now that functionality produces the error 'The used command is not allowed with this MySQL version'.  Seeing as how no other software changed, this seems to point to the bundled PHP MySQL client (which we're using) to not enabling the '--enable-local-infile' flag.
===================
From the MySQL manual:
By default, all MySQL clients and libraries are compiled with --enable-local-infile, to be compatible with MySQL 3.23.48 and before.

One can disable all LOAD DATA LOCAL commands in the MySQL server by starting mysqld with --local-infile=0.

In the case that LOAD DATA LOCAL INFILE is disabled in the server or the client, you will get the error message (1148):

The used command is not allowed with this MySQL version
====================
Since we're using the --local-infile=1 to start the MySQL daemon, that points to the PHP 4.3 bundled client library being the culprit.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-01-02 17:26 UTC] iliaa@php.net
Does the problem go away if you tell PHP to use your MySQL's headers rather then the ones bundled with PHP?
 [2003-01-02 17:53 UTC] michael at tapinternet dot com
Didn't try that specifically, but the problem does not exist if I use mysql from the command line.

I 'solved' this for my immediate situation by removing the 'if' around the infile check in ext/mysql/libmysql/libmysql.c

Here (line 1025?):
/*
  Only enable LOAD DATA INFILE by default if configured with
  --with-enabled-local-inflile
*/
#ifdef ENABLED_LOCAL_INFILE
  mysql->options.client_flag|= CLIENT_LOCAL_FILES;
#endif
  return mysql;

is now:
/*
  Only enable LOAD DATA INFILE by default if configured with
  --with-enabled-local-inflile
*/
  mysql->options.client_flag|= CLIENT_LOCAL_FILES;
  return mysql;

recompiled everything and it works.

I'd tried to recompile PHP with '--with-enabled-local-inflile' (and the properly spelled '--with-enabled-local-infile') and neither worked.  The only thing that worked was removing the IF stuff in the .c file.
 [2003-01-29 14:59 UTC] billk at iinet dot net dot au
"BASE" microarray software requires this function.  On gentoo I had to build mysql first after adding the flag, then rebuild php to get the functionality included.
 [2003-02-01 14:27 UTC] brunofr at ioda-net dot ch
This bug is found and test with W2K and NT4.0
PhP 4.3.0 
Try with Mysql 3.23.53 - 3.23.54 - 3.23.55

Was not present PhP version before ( 4.2.4-dev snapshot from the 24 October 2002

Why this bug ??? 
Is there a lack in Quality Test... 

found this in the news.txt disto
- Fixed a security bug in the bundled MySQL library. (Georg, Stefan)
question why 3.23.49 client version as Mysql released very more up to date lib at the build 4.3. date.

Could this be corrected in the snapshot-stable version.

Thank ... have lost to much time today with this.
 [2003-02-03 19:26 UTC] rlm at pricegrabber dot com
This "security patch" is extremely dubious on MySQL clients standalone, much less PHP.  It purports to prevent patched MySQL clients/servers from causing problems by reading local files, but if you have a patched MySQL server, you have a much, much worse problem than remote file reads.  Besides, if you can read arbitrary files using MySQL, you can do the same for PHP.  This should have never entered the code stream, and really ought to be disabled (it's turned off by default in 3.23.49a and subsequent).
 [2003-04-24 04:16 UTC] georg@php.net
It's not a bug, it's a feature :)

We will not change this in PHP4 anymore, it's already on TODO for ext/mysql and ext/mysqli in PHP5.

If you need LOAD DATA LOCAL INFILE (and LOAD DATA INFILE doesn't work for you), use an external mysql library.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Thu Sep 16 18:03:36 2021 UTC