ID: 44433
Comment by: bmauser at gmail dot com
Reported By: hans at velum dot net
Status: Verified
Bug Type: PDO related
Operating System: Gentoo Linux
PHP Version: 5.2.5
New Comment:
I noticed the same problem on Windows (Vista) with the same PHP version,
5.2.5. The serialized string I tried to store in the database was:
O:8:"Psa_User":3:{s:9:" * groups";a:0:{}s:13:" * last_login";i:0;s:10:"test_value";i:391;}
and when I put the output from serialize() in a hex editor, you can see
some null characters:
00000000h: 4F 3A 38 3A 22 50 73 61 5F 55 73 65 72 22 3A 33 ; O:8:"Psa_User":3
00000010h: 3A 7B 73 3A 39 3A 22 00 2A 00 67 72 6F 75 70 73 ; :{s:9:".*.groups
00000020h: 22 3B 61 3A 30 3A 7B 7D 73 3A 31 33 3A 22 00 2A ; ";a:0:{}s:13:".*
00000030h: 00 6C 61 73 74 5F 6C 6F 67 69 6E 22 3B 69 3A 30 ; .last_login";i:0
00000040h: 3B 73 3A 31 30 3A 22 74 65 73 74 5F 76 61 6C 75 ; ;s:10:"test_valu
00000050h: 65 22 3B 69 3A 33 39 31 3B 7D ; e";i:391;}
The value in the query that should update the database is truncated at
the first null character in the string. That is true for prepared
statements with PDO->prepare() and also for values only escaped with
PDO->quote(). When using the same code with the mysql_pdo driver, queries
are not truncated and the null characters are stored in the database blob
object.
I used the base64_encode and decode functions to work around this and
stored the base64 encoded string in the database.
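Added example (not part of the original report or of PHP's own code): it models the truncation described above without a database and shows why the base64 workaround survives it. The helper names are hypothetical, and c_string_truncate() is an assumption standing in for a driver that treats the bound value as a C string.

```php
<?php
// Same shape as the object in the comment above: two protected members, one public.
class Psa_User {
    protected $groups = array();
    protected $last_login = 0;
    public $test_value = 391;
}

// Assumption: models a driver that stops reading the value at the first NUL byte.
function c_string_truncate($value) {
    $nul = strpos($value, "\0");
    return $nul === false ? $value : substr($value, 0, $nul);
}

// Hypothetical helper: encode before binding to a text column.
function encode_for_text_column($value) {
    return base64_encode(serialize($value));
}

// Hypothetical helper: decode and fail loudly instead of returning damaged data.
function decode_from_text_column($stored) {
    $raw = base64_decode($stored, true);   // strict mode rejects foreign characters
    if ($raw === false) {
        throw new RuntimeException('stored value is not valid base64');
    }
    $value = @unserialize($raw);
    if ($value === false && $raw !== serialize(false)) {
        throw new RuntimeException('stored value does not unserialize');
    }
    return $value;
}

$user = new Psa_User();
$raw  = serialize($user);

// Raw path: protected members are serialized as "\0*\0name", so NUL bytes are present.
$stored_raw = c_string_truncate($raw);
printf("raw:    %d bytes serialized, %d bytes stored, %d NUL bytes\n",
    strlen($raw), strlen($stored_raw), substr_count($raw, "\0"));
var_dump(@unserialize($stored_raw));   // result of unserializing the truncated value

// Base64 path: the encoded alphabet contains no NUL byte, so nothing is cut off.
$encoded        = encode_for_text_column($user);
$stored_encoded = c_string_truncate($encoded);
printf("base64: %d bytes encoded, %d bytes stored\n",
    strlen($encoded), strlen($stored_encoded));
var_dump(decode_from_text_column($stored_encoded) == $user);   // round-trip comparison
```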
Previous Comments:
------------------------------------------------------------------------
[2008-03-13 18:30:19] hans at velum dot net
Description:
------------
I'm using PostgreSQL (8.2.x) and am having a problem inserting
serialized data containing null characters (\0) into the database. I am
using prepared statements and the bindValue() method to bind the
serialized data as a PDO::PARAM_STR.
It's not obvious from the output below, but these serialized strings
contain null values because of the private variables.
I can't seem to find an existing bug for this; however, it surprises me
that no one has reported this before.
Reproduce code:
---------------
<?php
// Connect to PostgreSQL and make PDO throw on errors.
$pdo = new PDO('pgsql: dbname=testdb user=postgres');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

try {
    $pdo->exec('DROP TABLE testtbl');
} catch (PDOException $x) { /* ignore */ }

$pdo->exec('CREATE TABLE testtbl (id integer not null, txtcol text)');

// The private property is serialized as "\0MyClass\0var1", so the string contains null bytes.
class MyClass {
    private $var1;
    function __construct($val) { $this->var1 = $val; }
}

$serialized = serialize(array('foo' => new MyClass('bar'), 'baz' => new MyClass('bingo!')));
print "Serialized data: " . $serialized . PHP_EOL;

// Bind the serialized string as PDO::PARAM_STR and insert it.
$stmt = $pdo->prepare('INSERT INTO testtbl (id, txtcol) VALUES (1, ?)');
$stmt->bindValue(1, $serialized, PDO::PARAM_STR);
$stmt->execute();

// Read the row back to compare it with what was sent.
$stmt = $pdo->query('SELECT * FROM testtbl WHERE id = 1');
$row = $stmt->fetch();
print "From database: " . $row['txtcol'] . PHP_EOL;
Expected result:
----------------
Serialized data: a:2:{s:3:"foo";O:7:"MyClass":1:{s:13:"MyClassvar1";s:3:"bar";}s:3:"baz";O:7:"MyClass":1:{s:13:"MyClassvar1";s:6:"bingo!";}}
From database: a:2:{s:3:"foo";O:7:"MyClass":1:{s:13:"MyClassvar1";s:3:"bar";}s:3:"baz";O:7:"MyClass":1:{s:13:"MyClassvar1";s:6:"bingo!";}}
Actual result:
--------------
Serialized data: a:2:{s:3:"foo";O:7:"MyClass":1:{s:13:"MyClassvar1";s:3:"bar";}s:3:"baz";O:7:"MyClass":1:{s:13:"MyClassvar1";s:6:"bingo!";}}
From database: a:2:{s:3:"foo";O:7:"MyClass":1:{s:13:"
------------------------------------------------------------------------