|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #57673 sqlite_escape_string handles NULL improperly
Submitted: 2007-05-15 16:25 UTC Modified: 2008-10-25 14:19 UTC
From: phpbugs at wheelhouse dot org Assigned: kalle (profile)
Status: Closed Package: SQLite (PECL)
PHP Version: 4.4.5 OS: Any
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
26 - 3 = ?
Subscribe to this entry?

 [2007-05-15 16:25 UTC] phpbugs at wheelhouse dot org
This is a bug which has been "fixed in CVS" for nearly three years but still exists in the current "stable" version.

It causes bogus results.

Please release a new "stable" version of the sqlite PECL extension that fixes this bug and 11050.

Reproduce code:
diff -u sqlite.c- sqlite.c
--- sqlite.c-   Tue May 15 12:53:24 2007
+++ sqlite.c    Tue May 15 13:13:50 2007
@@ -1795,12 +1795,14 @@
                enclen = sqlite_encode_binary((const unsigned char*)string, stringlen, ret+1);
                RETVAL_STRINGL(ret, enclen+1, 0);
-       } else  {
+       } else if (stringlen)  {
                ret = sqlite_mprintf("%q", string);
                if (ret) {
                        RETVAL_STRING(ret, 1);
+       } else {
+               RETURN_EMPTY_STRING();
 /* }}} */

Expected result:


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2008-10-24 18:05 UTC]
This was also fixed in a PHP release, hence why no pecl release.
 [2008-10-24 19:27 UTC] phpbugs at wheelhouse dot org
This bug is in reference to PHP 4, with which SQLite is not included.  Hence the need to fix it in PECL.

But at this very late date, PHP 4 support doesn't seem like a priority, so maybe this package should be pulled from PECL altogether.
 [2008-10-25 08:20 UTC]
This is ofcourse a bad mistake from the maintainers, but since at the time SQLite was moved into PHP5's source then it was mainly maintained there.

And I would expect a PHP4 release, its unsupported and no bugs are fixed for it anymore.
 [2008-10-25 14:19 UTC] phpbugs at wheelhouse dot org
I assume you mean you would NOT expect a new release of this module since it is only used by PHP 4.

This many years late, I don't think I expected a new release either, so I guess that's that.
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Oct 25 11:03:35 2021 UTC