|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #57673 sqlite_escape_string handles NULL improperly
Submitted: 2007-05-15 16:25 UTC Modified: 2008-10-25 14:19 UTC
From: phpbugs at wheelhouse dot org Assigned: kalle (profile)
Status: Closed Package: SQLite (PECL)
PHP Version: 4.4.5 OS: Any
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: phpbugs at wheelhouse dot org
New email:
PHP Version: OS:


 [2007-05-15 16:25 UTC] phpbugs at wheelhouse dot org
This is a bug which has been "fixed in CVS" for nearly three years but still exists in the current "stable" version.

It causes bogus results.

Please release a new "stable" version of the sqlite PECL extension that fixes this bug and 11050.

Reproduce code:
diff -u sqlite.c- sqlite.c
--- sqlite.c-   Tue May 15 12:53:24 2007
+++ sqlite.c    Tue May 15 13:13:50 2007
@@ -1795,12 +1795,14 @@
                enclen = sqlite_encode_binary((const unsigned char*)string, stringlen, ret+1);
                RETVAL_STRINGL(ret, enclen+1, 0);
-       } else  {
+       } else if (stringlen)  {
                ret = sqlite_mprintf("%q", string);
                if (ret) {
                        RETVAL_STRING(ret, 1);
+       } else {
+               RETURN_EMPTY_STRING();
 /* }}} */

Expected result:


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2008-10-24 18:05 UTC]
This was also fixed in a PHP release, hence why no pecl release.
 [2008-10-24 19:27 UTC] phpbugs at wheelhouse dot org
This bug is in reference to PHP 4, with which SQLite is not included.  Hence the need to fix it in PECL.

But at this very late date, PHP 4 support doesn't seem like a priority, so maybe this package should be pulled from PECL altogether.
 [2008-10-25 08:20 UTC]
This is ofcourse a bad mistake from the maintainers, but since at the time SQLite was moved into PHP5's source then it was mainly maintained there.

And I would expect a PHP4 release, its unsupported and no bugs are fixed for it anymore.
 [2008-10-25 14:19 UTC] phpbugs at wheelhouse dot org
I assume you mean you would NOT expect a new release of this module since it is only used by PHP 4.

This many years late, I don't think I expected a new release either, so I guess that's that.
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Tue Oct 19 00:03:32 2021 UTC