php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #59717 driver quotes " in string
Submitted: 2011-04-17 14:44 UTC Modified: 2011-09-02 04:58 UTC
From: gawain at camlann dot de Assigned:
Status: Closed Package: PDO_IBM (PECL)
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: gawain at camlann dot de
New email:
PHP Version: OS:

 

 [2011-04-17 14:44 UTC] gawain at camlann dot de
Description:
------------
While trying to delete some rows with ZF i noticed, that the rows did not get deleted. The Sql is this

DELETE FROM EVENTQUEUE_EVENTS WHERE (time = '2011-04-18 20:20:03.000000') AND (callback_class = 'DomainModel_AccountCallback') AND (callback_method = 'handleDeletionCallback') AND (callback_params = 'a:1:{s:8:\"username\";s:9:\"Gawalione\";}')

The Sql is build using the ZF quoteInto() which in turn uses PDO::quote() to do the job. As you can see in the above statement, the PDO::quote() returns the value for callback_params enclosed in ' but also quotes " as \". This causes db2 to not find any matching rows and therefore it does nothing...

Reproduce code:
---------------
$table->getAdapter()->quoteInto('callback_params = ?', serialize(array('username'=>'Gawalione')));

Expected result:
----------------
callback_params = 'a:1:{s:8:"username";s:9:"Gawalione";}'

Actual result:
--------------
callback_params = 'a:1:{s:8:\"username\";s:9:\"Gawalione\";}'

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-04-19 03:22 UTC] abhargav at in dot ibm dot com
Hi,

I have made the changes are per the PDO specs (http://in.php.net/manual/en/pdo.quote.php). Please find the following patch for ibm_driver.c (v1.3.2 of PDO_IBM extension). 

--- PATCH STARTS ---
632,647d631
< 			case '\n':
< 				sql[j++] = '\\';
< 				sql[j++] = 'n';
< 				break;
< 			case '\r':
< 				sql[j++] = '\\';
< 				sql[j++] = 'r';
< 				break;
< 			case '\x1a':
< 				sql[j++] = '\\';
< 				sql[j++] = 'Z';
< 				break;
< 			case '\0':
< 				sql[j++] = '\\';
< 				sql[j++] = '0';
< 				break;
649d632
< 				sql[j++] = '\\';
651,658c634
< 				break;
< 			case '\"':
< 				sql[j++] = '\\';
< 				sql[j++] = '\"';
< 				break;
< 			case '\\':
< 				sql[j++] = '\\';
< 				sql[j++] = '\\';
---
> 				sql[j++] = '\'';
--- PATCH ENDS ---

Let me know your feedback.

Regards,
Ambrish Bhargava
 [2011-04-21 12:44 UTC] gawain at camlann dot de
Seems to work for me now. But i did not test all cases, only the one with the quoted ".
But is it a good idea not to quote \0, \r and \n ?
 [2011-09-02 04:58 UTC] abhargav at in dot ibm dot com
This bug has been fixed in SVN.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

Hi,

This is fixed in SVN.

Regards,
Ambrish Bhargava
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Sat Aug 13 03:05:44 2022 UTC