mirror of
https://github.com/php/php-src.git
synced 2024-09-21 09:57:23 +00:00
Properly quote binary strings
This commit is contained in:
parent
dd983d92b5
commit
cb36fc521f
@ -309,10 +309,14 @@ static zend_string* mysql_handle_quoter(pdo_dbh_t *dbh, const zend_string *unquo
|
||||
{
|
||||
pdo_mysql_db_handle *H = (pdo_mysql_db_handle *)dbh->driver_data;
|
||||
bool use_national_character_set = 0;
|
||||
bool use_binary = 0;
|
||||
char *quoted;
|
||||
size_t quotedlen;
|
||||
zend_string *quoted_str;
|
||||
|
||||
if ((paramtype & PDO_PARAM_LOB) == PDO_PARAM_LOB) {
|
||||
use_binary = 1;
|
||||
} else {
|
||||
if (H->assume_national_character_set_strings) {
|
||||
use_national_character_set = 1;
|
||||
}
|
||||
@ -322,13 +326,20 @@ static zend_string* mysql_handle_quoter(pdo_dbh_t *dbh, const zend_string *unquo
|
||||
if ((paramtype & PDO_PARAM_STR_CHAR) == PDO_PARAM_STR_CHAR) {
|
||||
use_national_character_set = 0;
|
||||
}
|
||||
}
|
||||
|
||||
PDO_DBG_ENTER("mysql_handle_quoter");
|
||||
PDO_DBG_INF_FMT("dbh=%p", dbh);
|
||||
PDO_DBG_INF_FMT("unquoted=%.*s", (int)ZSTR_LEN(unquoted), ZSTR_VAL(unquoted));
|
||||
quoted = safe_emalloc(2, ZSTR_LEN(unquoted), 3 + (use_national_character_set ? 1 : 0));
|
||||
quoted = safe_emalloc(2, ZSTR_LEN(unquoted), 3 + (use_national_character_set ? 1 : 0) +
|
||||
(use_binary ? 7 : 0));
|
||||
|
||||
if (use_national_character_set) {
|
||||
if (use_binary) {
|
||||
quotedlen = mysql_real_escape_string_quote(H->server, quoted + 8, ZSTR_VAL(unquoted), ZSTR_LEN(unquoted), '\'');
|
||||
memcpy(quoted, "_binary'", 8);
|
||||
|
||||
quotedlen += 7; /* _binary prefix */
|
||||
} else if (use_national_character_set) {
|
||||
quotedlen = mysql_real_escape_string_quote(H->server, quoted + 2, ZSTR_VAL(unquoted), ZSTR_LEN(unquoted), '\'');
|
||||
quoted[0] = 'N';
|
||||
quoted[1] = '\'';
|
||||
|
@ -14,6 +14,10 @@ $db = MySQLPDOTest::factory();
|
||||
$db = MySQLPDOTest::factory();
|
||||
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, true);
|
||||
|
||||
// Force the connection to utf8, which is enough to make the test fail
|
||||
// MySQL 5.6+ would be required for utf8mb4
|
||||
$db->exec("SET NAMES 'utf8'");
|
||||
|
||||
$content = '0191D886E6DC73E7AF1FEE7F99EC6235';
|
||||
|
||||
$statement = $db->prepare('SELECT HEX(?) as test');
|
||||
|
Loading…
Reference in New Issue
Block a user