php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #67495 cannot quote binary values
Submitted: 2014-06-22 20:49 UTC Modified: 2016-09-12 21:24 UTC
Votes:13
Avg. Score:4.5 ± 1.2
Reproduced:12 of 12 (100.0%)
Same Version:4 (33.3%)
Same OS:8 (66.7%)
From: vytas dot LT at gmail dot com Assigned:
Status: Open Package: PDO DBlib
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
 [2014-06-22 20:49 UTC] vytas dot LT at gmail dot com
Description:
------------
For storing unicode text MSSQL has nchar and nvarchar column types 
However, pdo_dblib extension does not correctly escapes unicode strings.

Those strings must be prefixed with N prefix - e.g.
INSERT INTO table(field) (N'unicode_value')
UPDATE table SET field = N'unicode_value' WHERE code = N'unicode_value'

Likewise binary, varbinary and blob should be escaped like unquoted hexadamical notation starting with 0x - e. g.
INSERT INTO table(binfield) (0xAAFFCC)
UPDATE table SET binfield = 0xAAFFCC WHERE code = 0xCCAAFF


Patches

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-06-22 21:01 UTC] sdfghjk at fff dot lt
e ble
 [2014-07-30 12:25 UTC] kraven at kraven dot org
I can confirm this is an issue for a long time now.  This fix will remove the need for the workaround in Propel ORM 1.7.x runtime/lib/adapter/DBMSSQL.php cleanupSQL method.
 [2016-09-12 21:24 UTC] adambaratz@php.net
-Summary: pdo_dblib incorrectly escapes binary and unicode values +Summary: cannot quote binary values -Type: Bug +Type: Feature/Change Request -PHP Version: 5.6Git-2014-06-22 (Git) +PHP Version: Irrelevant
 [2016-09-12 21:24 UTC] adambaratz@php.net
This is a limitation of how PDO handles types. See #60818 for a request to allow NVARCHAR quoting.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Nov 24 00:01:27 2024 UTC