From 70cba36fc92c1e75c5b0f9ebd1f97a68c26c170a Mon Sep 17 00:00:00 2001
From: Nikita Popov
Date: Fri, 18 Sep 2020 10:29:28 +0200
Subject: [PATCH] Support NO_BACKSLASH_ESCAPES with newer libmysqlclient

Requires the use of mysql_real_escape_string_quote().
---
 ext/mysqli/mysqli_api.c | 7 ++++++-
 ext/pdo_mysql/mysql_driver.c | 9 +++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c
index 0c17e1599e2..7d8682253cd 100644
--- a/ext/mysqli/mysqli_api.c
+++ b/ext/mysqli/mysqli_api.c
@@ -1954,6 +1954,11 @@ PHP_FUNCTION(mysqli_real_query)
 }
 /* }}} */
+#if defined(PDO_USE_MYSQLND) || MYSQL_VERSION_ID < 50707 || defined(MARIADB_BASE_VERSION)
+# define mysql_real_escape_string_quote(mysql, to, from, length, quote) \
+ mysql_real_escape_string(mysql, to, from, length)
+#endif
+
 /* {{{ proto string mysqli_real_escape_string(object link, string escapestr)
 Escapes special characters in a string for use in a SQL statement, taking into account the current charset of the connection */
 PHP_FUNCTION(mysqli_real_escape_string) {
@@ -1969,7 +1974,7 @@ PHP_FUNCTION(mysqli_real_escape_string) {
 MYSQLI_FETCH_RESOURCE_CONN(mysql, mysql_link, MYSQLI_STATUS_VALID);
 newstr = zend_string_alloc(2 * escapestr_len, 0);
- ZSTR_LEN(newstr) = mysql_real_escape_string(mysql->mysql, ZSTR_VAL(newstr), escapestr, escapestr_len);
+ ZSTR_LEN(newstr) = mysql_real_escape_string_quote(mysql->mysql, ZSTR_VAL(newstr), escapestr, escapestr_len, '\'');
 newstr = zend_string_truncate(newstr, ZSTR_LEN(newstr), 0);
 RETURN_NEW_STR(newstr);
diff --git a/ext/pdo_mysql/mysql_driver.c b/ext/pdo_mysql/mysql_driver.c
index 0d8c77d351b..becd6b94875 100644
--- a/ext/pdo_mysql/mysql_driver.c
+++ b/ext/pdo_mysql/mysql_driver.c
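Review bot: The guard added ahead of `mysqli_real_escape_string` in ext/mysqli/mysqli_api.c tests `defined(PDO_USE_MYSQLND)`, which reads like a copy from the pdo_mysql block; mysqli's own mysqlnd switch is `MYSQLI_USE_MYSQLND`, and nothing in this hunk shows `PDO_USE_MYSQLND` being defined in this translation unit. If it is not, a mysqlnd build of mysqli only reaches the fallback when `MYSQL_VERSION_ID < 50707` happens to hold there, so I would write `#if defined(MYSQLI_USE_MYSQLND) || MYSQL_VERSION_ID < 50707 || defined(MARIADB_BASE_VERSION)`. The fallback macro also drops its `quote` argument without saying so; a comment above it such as `/* Clients without mysql_real_escape_string_quote(): the quote argument is dropped. */` would make that visible to the next reader. The identical block is added to ext/pdo_mysql/mysql_driver.c, so a single shared definition would keep the two conditions from drifting apart.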
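Review bot: The `'\''` passed to `mysql_real_escape_string_quote()` in `mysqli_real_escape_string` fixes the quoting context to a single-quoted literal, yet this function returns the bare escaped string and the caller chooses the surrounding quotes. As I read the libmysqlclient documentation, under NO_BACKSLASH_ESCAPES only the named quote character is doubled, so a result embedded in a double-quoted literal or a backtick-quoted identifier would presumably not be neutralised on builds that use the new call. That contract should sit next to the call, e.g. `/* Escaped for use inside '...' only; under NO_BACKSLASH_ESCAPES other quoting contexts are not covered. */`, and be repeated in the proto comment above the function. The function body starts and ends outside this hunk.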
@@ -293,6 +293,11 @@ static char *pdo_mysql_last_insert_id(pdo_dbh_t *dbh, const char *name, size_t *
 }
 /* }}} */
+#if defined(PDO_USE_MYSQLND) || MYSQL_VERSION_ID < 50707 || defined(MARIADB_BASE_VERSION)
+# define mysql_real_escape_string_quote(mysql, to, from, length, quote) \
+ mysql_real_escape_string(mysql, to, from, length)
+#endif
+
 /* {{{ mysql_handle_quoter */
 static int mysql_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unquotedlen, char **quoted, size_t *quotedlen, enum pdo_param_type paramtype )
 {
@@ -315,13 +320,13 @@ static int mysql_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unqu
 *quoted = safe_emalloc(2, unquotedlen, 3 + (use_national_character_set ? 1 : 0));
 if (use_national_character_set) {
- *quotedlen = mysql_real_escape_string(H->server, *quoted + 2, unquoted, unquotedlen);
+ *quotedlen = mysql_real_escape_string_quote(H->server, *quoted + 2, unquoted, unquotedlen, '\'');
 (*quoted)[0] = 'N';
 (*quoted)[1] = '\'';
 ++*quotedlen; /* N prefix */
 } else {
- *quotedlen = mysql_real_escape_string(H->server, *quoted + 1, unquoted, unquotedlen);
+ *quotedlen = mysql_real_escape_string_quote(H->server, *quoted + 1, unquoted, unquotedlen, '\'');
 (*quoted)[0] = '\'';
 }
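Review bot: Both branches of `mysql_handle_quoter` store the escape call's return value straight into `*quotedlen` and then adjust it (`++*quotedlen`) without checking for an error return. On builds that take the `#if` fallback the call is still `mysql_real_escape_string()`, which libmysqlclient documents as returning `(unsigned long)-1` on failure; whether any fallback build can actually reach that case is not visible here. I would capture the result in an `unsigned long` first and, when it equals `(unsigned long)-1`, free `*quoted` and report failure to the caller before any length arithmetic is done. The same unchecked pattern feeds `ZSTR_LEN(newstr)` and `zend_string_truncate()` in the mysqli_api.c hunk. This function continues past the end of the hunk.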