Bug #959 Magic Quotes in Oracle (replaces bug 957)
Submitted: 1998-11-30 06:23 UTC
Modified: 1998-11-30 10:53 UTC
From: drew at elysium dot demon dot co dot uk
Assigned:
Status: Closed
Package: Oracle related
PHP Version: 3.0.5
OS: Linux
Private report: No
CVE-ID: None

 
 [1998-11-30 06:23 UTC] drew at elysium dot demon dot co dot uk
Oops - I had the args the wrong way round in the strstr calls !!  Here's the newer version (bug 957's patch is wrong) :-

When constructing a query for Oracle containing user supplied values, ora_Parse will break if the user entered a value containing a ', such as searching an Oracle database for occurrences of Bill's House.  PHP quotes the single ' in the variable containing the search criteria with a \ (it becomes Bill\'s House); Oracle needs a single quote to be quoted with another ' (it should be Bill''s House).  The following patch will change a PHP quoted \' to a '' for submission to the Oracle SQL parse function.

--- oracle.c.orig       Mon Oct  5 01:22:29 1998
+++ oracle.c    Mon Nov 30 11:19:25 1998
@@ -709,7 +709,7 @@
        pval *argv[3];
        oraCursor *cursor;
        sword defer = 0;
-       text *query;
+       text *query, *quote;
 
        argc = ARG_COUNT(ht);
        if ((argc != 2 && argc != 3) || getParametersArray(ht, argc, argv) == FAILURE) {
@@ -738,6 +738,11 @@
        if (cursor->query) {
                efree(cursor->query);
        }
+
+       quote = query;
+       while ((quote = strstr(quote, "\\\'")) != NULL)
+               *quote = '\'';
+
        cursor->query = query;
        cursor->fetched = 0;
        if(cursor->params && cursor->nparams > 0){
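Review bot: the `strstr` loop added before `cursor->query = query;` runs over the finished statement, so it cannot tell an escaped quote from a backslash that happens to sit directly in front of a literal's closing quote; in that case `*quote = '\'';` turns the closing quote into half of a doubled quote and the literal no longer ends where the script author wrote it. It also edits `query` in place, with no way for a script that already quotes its values for Oracle to opt out. Convert the quoting on each value before it is placed in the statement, or pass values through the parameters this cursor already tracks (`cursor->params`), instead of rewriting the statement text here.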
@@ -925,7 +930,7 @@
        pval *argv[2];
        oraConnection *conn = NULL;
        oraCursor *cursor = NULL;
-       text *query;
+       text *query, *quote;
 
        if (ARG_COUNT(ht) != 2 || getParametersArray(ht, 2, argv) == FAILURE) {
                WRONG_PARAM_COUNT;
@@ -962,8 +967,12 @@
                RETURN_FALSE;
        }
        cursor->open = 1;
-       cursor->conn_ptr = conn;
-
+       cursor->conn_ptr = conn;
+
+       quote = query;
+       while ((quote = strstr(quote, "\\\'")) != NULL)
+               *quote = '\'';
+
        /* Prepare stmt */
 
        if (oparse(&cursor->cda, query, (sb4) - 1, 1, VERSION_7)){
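Review bot: the loop before `/* Prepare stmt */` duplicates, line for line, the one added at line 738, so any correction has to be made twice; move it into one static helper in oracle.c and call that from both places. The `-`/`+` pair on `cursor->conn_ptr = conn;` and the blank line after it differ only in whitespace and should be dropped from the patch so the hunk shows just the functional change.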

 [1998-11-30 10:53 UTC] rasmus
Again, the correct fix for this is to simply turn on magic_quotes_sybase
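
The difference between quoting each value in the Oracle style before it enters the statement (what magic_quotes_sybase does) and rewriting `\'` in the finished statement (what the patch does) can be checked mechanically. The following is an added example, not code from the report or from PHP; `escape`, `patch_rewrite`, `read_literal` and `round_trips` are hypothetical names, the sample values are constructed, and it assumes backslash escaping also doubles backslashes, as PHP's addslashes() does.

```c
#include <stdio.h>
#include <string.h>

/* style 0: quote doubling (' -> ''), the form Oracle expects.
   style 1: backslash escaping as addslashes() does (' -> \', \ -> \\). */
static void escape(const char *in, char *out, int style) {
    for (; *in; in++) {
        if (*in == '\'') *out++ = style ? '\\' : '\'';
        else if (*in == '\\' && style) *out++ = '\\';
        *out++ = *in;
    }
    *out = '\0';
}

/* The statement-level loop from the patch: each \' becomes ''. */
static void patch_rewrite(char *q) {
    while ((q = strstr(q, "\\\'")) != NULL) *q = '\'';
}

/* Decode one Oracle literal ('' is one quote, backslash is ordinary).
   Returns 1 only if the literal is terminated with nothing after it. */
static int read_literal(const char *lit, char *val) {
    if (*lit++ != '\'') return 0;
    while (*lit) {
        if (*lit != '\'') { *val++ = *lit++; continue; }
        if (lit[1] == '\'') { *val++ = '\''; lit += 2; continue; }
        *val = '\0';
        return lit[1] == '\0';
    }
    return 0; /* ran off the end: unterminated literal */
}

/* 1 if the database would see exactly `value` inside one literal. */
int round_trips(const char *value, int use_patch) {
    char esc[128], lit[160], seen[160];
    if (strlen(value) > 60) return 0; /* stay inside the fixed buffers */
    escape(value, esc, use_patch);    /* patch path starts from \' quoting */
    snprintf(lit, sizeof lit, "'%s'", esc);
    if (use_patch) patch_rewrite(lit);
    return read_literal(lit, seen) && strcmp(seen, value) == 0;
}

int main(void) {
    const char *v[] = { "Bill's House", "C:\\", "a\\'b" }; /* constructed */
    for (int i = 0; i < 3; i++)
        printf("%-13s patch:%d doubling:%d\n", v[i],
               round_trips(v[i], 1), round_trips(v[i], 0));
    return 0;
}
```

The report's own case, Bill's House, survives both paths; the values containing a backslash survive only when the quote is doubled on the value itself.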