Bug #57673 sqlite_escape_string handles NULL improperly
Submitted: 2007-05-15 16:25 UTC
Modified: 2008-10-25 14:19 UTC
From: phpbugs at wheelhouse dot org
Assigned: kalle
Status: Closed
Package: SQLite (PECL)
PHP Version: 4.4.5
OS: Any
Private report: No
CVE-ID: None
 [2007-05-15 16:25 UTC] phpbugs at wheelhouse dot org
Description:
------------
This is a bug which has been "fixed in CVS" for nearly three years but still exists in the current "stable" version.

It causes bogus results.

Please release a new "stable" version of the sqlite PECL extension that fixes this bug and 11050.



Reproduce code:
---------------
diff -u sqlite.c- sqlite.c
--- sqlite.c-   Tue May 15 12:53:24 2007
+++ sqlite.c    Tue May 15 13:13:50 2007
@@ -1795,12 +1795,14 @@
                enclen = sqlite_encode_binary((const unsigned char*)string, stringlen, ret+1);
                RETVAL_STRINGL(ret, enclen+1, 0);
 
-       } else  {
+       } else if (stringlen)  {
                ret = sqlite_mprintf("%q", string);
                if (ret) {
                        RETVAL_STRING(ret, 1);
                        sqlite_freemem(ret);
                }
+       } else {
+               RETURN_EMPTY_STRING();
        }
 }
 /* }}} */
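
Review bot: The new `else if (stringlen)` guard tests only the length, so it keeps `%q` away from a zero-length input but says nothing about `string` itself. If the case being fixed is a NULL pointer reaching `sqlite_mprintf("%q", string)`, testing `string` as well (or instead) would state that intent directly, and a one-line comment on the final `else` explaining why empty input bypasses `%q` would help the next reader. Separately, the `if (ret)` block inside the `%q` branch still has no `else`: when `sqlite_mprintf` returns NULL the function falls through without setting a return value, so the caller cannot tell an allocation failure from a successful escape. Returning FALSE there would make the failure explicit.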


Expected result:
----------------
See http://bugs.php.net/bug.php?id=36867



 [2008-10-24 18:05 UTC] kalle@php.net
This was also fixed in a PHP release, hence why no pecl release.
 [2008-10-24 19:27 UTC] phpbugs at wheelhouse dot org
This bug is in reference to PHP 4, with which SQLite is not included.  Hence the need to fix it in PECL.

But at this very late date, PHP 4 support doesn't seem like a priority, so maybe this package should be pulled from PECL altogether.
 [2008-10-25 08:20 UTC] kalle@php.net
This is of course a bad mistake from the maintainers, but since at the time SQLite was moved into PHP5's source then it was mainly maintained there.

And I would expect a PHP4 release, it's unsupported and no bugs are fixed for it anymore.
 [2008-10-25 14:19 UTC] phpbugs at wheelhouse dot org
I assume you mean you would NOT expect a new release of this module since it is only used by PHP 4.

This many years late, I don't think I expected a new release either, so I guess that's that.
 