Edit report at http://bugs.php.net/bug.php?id=52885&edit=1

 ID:                 52885
 Comment by:         ssufficool at gmail dot com
 Reported by:        ssuffic...@php.net
 Summary:            PDO_DBLIB does not properly quote char(0)
 Status:             Open
 Type:               Bug
 Package:            PDO related
 Operating System:   Linux
 PHP Version:        5.3SVN-2010-09-19 (SVN)
 Block user comment: N

 New Comment:

There is a larger issue here to do with unicode code page conversions and the such. What really needs to be done is to implement the native dblib parameter bindings to stop the encoding of all parameters as strings which are then interpreted by iconv to the server charset which may not support the full range of characters from 0-255.

Previous Comments:
------------------------------------------------------------------------
[2010-09-19 02:34:18] ssuffic...@php.net

Description:
------------
When using a bound parameter with char(0), the parameter is truncated. This is a possible SQL injection flaw in the dblib quote implementation.

Test script:
---------------
$stmt = $pdo->prepare("insert into test(image_field) values(?)");
$blob = file_get_contents("test.jpg");
$stmt->execute(array($blob));

Expected result:
----------------
No error

Actual result:
--------------
invalid statement due to truncation of ASCIIZ string in dblib_handle_quoter

------------------------------------------------------------------------
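
The truncation described in the report, modelled as an added C example (not code from PDO_DBLIB or from the reporter). `quote_asciiz` is a hypothetical quoter that stops at the first NUL byte, `quote_binary` is an assumed length-aware alternative that emits a 0x hex literal, and the sample bytes are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed sample: first bytes of a JPEG/JFIF header; note the 0x00 at offset 4. */
static const unsigned char SAMPLE_JPEG[] = { 0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x10, 'J', 'F', 'I', 'F' };

/* Hypothetical model of a quoter that treats its input as ASCIIZ: it stops
 * at the first NUL byte even though the caller passed the real length. */
char *quote_asciiz(const unsigned char *in, size_t len)
{
    size_t n = 0, i, o = 0;
    while (n < len && in[n] != '\0') n++;   /* truncation happens here */
    char *out = malloc(2 * n + 3);          /* worst case: every byte is a quote */
    if (!out) return NULL;
    out[o++] = '\'';
    for (i = 0; i < n; i++) {
        if (in[i] == '\'') out[o++] = '\''; /* double embedded single quotes */
        out[o++] = (char)in[i];
    }
    out[o++] = '\'';
    out[o] = '\0';
    return out;
}

/* Length-aware alternative (an assumption, not the project's fix): emit the
 * value as a 0x... hex literal so every byte, including 0x00, survives. */
char *quote_binary(const unsigned char *in, size_t len)
{
    static const char hex[] = "0123456789ABCDEF";
    char *out = malloc(2 * len + 3);
    size_t i, o = 2;
    if (!out) return NULL;
    memcpy(out, "0x", 2);
    for (i = 0; i < len; i++) {
        out[o++] = hex[in[i] >> 4];
        out[o++] = hex[in[i] & 0x0F];
    }
    out[o] = '\0';
    return out;
}

int main(void)
{
    char *a = quote_asciiz(SAMPLE_JPEG, sizeof SAMPLE_JPEG);
    char *b = quote_binary(SAMPLE_JPEG, sizeof SAMPLE_JPEG);
    if (!a || !b) return 1;
    printf("ASCIIZ quoter kept %zu of %zu bytes; hex literal: %s\n", strlen(a) - 2, sizeof SAMPLE_JPEG, b);
    free(a); free(b);
}
```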