archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Never quote values as raw binary data

Browse source 
This reverts a1a18fca6e which was intended to fix
bug #52885. That commit introduced a BC break which wasn't universally
desirable. The issue of quoting binary data (or NVARCHAR strings, or other
nonstandard types) will have to be addressed separately.
This commit is contained in:
Adam Baratz 2016-09-12 17:32:50 -04:00
parent 82fa85fd08
commit 2302eef5c9
2 changed files with 13 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

48
ext/pdo_dblib/dblib_driver.c
View file

@ -146,55 +146,29 @@ static zend_long dblib_handle_doer(pdo_dbh_t *dbh, const char *sql, size_t sql_l
static int dblib_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unquotedlen, char **quoted, size_t *quotedlen, enum pdo_param_type paramtype)
{
int useBinaryEncoding = 0;
const char * hex = "0123456789abcdef";
size_t i;
char * q;
*quotedlen = 0;
/*
* Detect quoted length and if we should use binary encoding
*/
/* Detect quoted length, adding extra char for doubled single quotes */
for(i=0;i<unquotedlen;i++) {
if( 32 > unquoted[i] || 127 < unquoted[i] ) {
useBinaryEncoding = 1;
break;
}
if(unquoted[i] == '\'') ++*quotedlen;
++*quotedlen;
}
if(useBinaryEncoding) {
/*
* Binary safe quoting
* Will implicitly convert for all data types except Text, DateTime & SmallDateTime
*
*/
*quotedlen = (unquotedlen * 2) + 2; /* 2 chars per byte +2 for "0x" prefix */
q = *quoted = emalloc(*quotedlen+1); /* Add byte for terminal null */
*quotedlen += 2; /* +2 for opening, closing quotes */
q = *quoted = emalloc(*quotedlen+1); /* Add byte for terminal null */
*q++ = '\'';
*q++ = '0';
*q++ = 'x';
for (i=0;i<unquotedlen;i++) {
*q++ = hex[ (*unquoted>>4)&0xF];
*q++ = hex[ (*unquoted++)&0xF];
for (i=0;i<unquotedlen;i++) {
if (unquoted[i] == '\'') {
*q++ = '\'';
*q++ = '\'';
} else {
*q++ = unquoted[i];
}
} else {
/* Alpha/Numeric Quoting */
*quotedlen += 2; /* +2 for opening, closing quotes */
q = *quoted = emalloc(*quotedlen+1); /* Add byte for terminal null */
*q++ = '\'';
for (i=0;i<unquotedlen;i++) {
if (unquoted[i] == '\'') {
*q++ = '\'';
*q++ = '\'';
} else {
*q++ = unquoted[i];
}
}
*q++ = '\'';
}
*q++ = '\'';
*q = 0;

2
ext/pdo_dblib/tests/pdo_dblib_quote.phpt
View file

@ -14,6 +14,7 @@ var_dump($db->quote(42, PDO::PARAM_INT));
var_dump($db->quote(null, PDO::PARAM_NULL));
var_dump($db->quote('\'', PDO::PARAM_STR));
var_dump($db->quote('foo', PDO::PARAM_STR));
var_dump($db->quote('über', PDO::PARAM_STR));
?>
--EXPECT--
string(3) "'1'"
@ -22,3 +23,4 @@ string(4) "'42'"
string(2) "''"
string(4) "''''"
string(5) "'foo'"
string(7) "'über'"