php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #56154 Bug in sqlite_escape_string function
Submitted: 2004-08-01 11:00 UTC Modified: 2012-06-11 13:42 UTC
From: lay at amiga dot hu Assigned: felipe (profile)
Status: Closed Package: SQLite (PECL)
PHP Version: 4.3.3 OS: Linux
Private report: No CVE-ID: None
 [2004-08-01 11:00 UTC] lay at amiga dot hu
Description:
------------
I try this code on three different systems (different PHP versions, Debian/Red Hat, etc.), but the SQLite version always 1.0.3 (libversion 2.8.14). Earlier versions works well. But this new version the result is the same:

Sometimes runs until end, but sometimes, different places generate warnings. I mean, the bug in the sqlite_escape_string function, if passed an empty string.

If no warnings, try to increase the loop counter.

Reproduce code:
---------------
<?

set_time_limit(0);

dl("sqlite.so");

echo "<h1>Libversion: ".sqlite_libversion()."</h1>";

define("CONN",sqlite_open(":memory:"));

sqlite_query(CONN,"create table lufi(duma)");

echo "<h1>Start</h1>";

for ($i=1;$i<=100;$i++) {
 sqlite_query(CONN,"insert into lufi(duma)values('".sqlite_escape_string("")."')");
}

echo "<h1>End</h1>";

$h=sqlite_query(CONN,"select count(*)hany from lufi");
$t=sqlite_fetch_array($h);
echo $t["hany"]." success.";

?>


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-11-19 03:25 UTC] hhhahn at gmail dot com
Ouch, I got bit hard by this bug as well. It's ref'd in the mainline PHP bugs here:

http://bugs.php.net/bug.php?id=29395

There's a diff for a fix mentioned in that entry here:

http://tony2004.phpclub.net/dev/tmp/sqlite.diff

Fixed it for me.
 [2012-06-11 13:42 UTC] felipe@php.net
Already fixed.
 [2012-06-11 13:42 UTC] felipe@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: felipe
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sat Mar 06 15:01:23 2021 UTC