SQLite3::escapeString truncates strings containing \0 (0x00)

Status: Alpha

Brought to you by: bfleisch

#14 SQLite3::escapeString truncates strings containing \0 (0x00)

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2012-11-01

Created: 2012-11-01

Creator: Anonymous

Private: No

SQLite3::escapeString does not correctly handle strings that contain ascii 0x00 (aka \0).

Calling SQLite3::escapeString( "x\0y" ) will return "x". No warnign or notice is issued, the string is just silently truncated.

The behavior concerning \0 needs to be documented, and \0 should be accepted, or escapeString should fail noisily if \0 is present (e.g. by triggering a php warning and returning false).

I'm using php5-sqlite 5.3.6-13ubuntu3.9

Discussion

Comment has been marked as spam.
Undo

View and moderate all "bugs Discussion" comments posted by this user

Mark all as spam, and block user from posting to "Bugs"

Anonymous - 2012-11-01

Small test case.

Small test case.

Add attachments
Cancel
You seem to have CSS turned off. Please don't fill out this field.

You seem to have CSS turned off. Please don't fill out this field.

New Attachment:

sqlite-quote-bug.php

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

SQLite3::escapeString truncates strings containing \0 (0x00)

Group

Searches

Help

#14 SQLite3::escapeString truncates strings containing \0 (0x00)

Discussion