ID: 47982 Updated by: [email protected] Reported By: markac at home dot pl Status: Assigned Bug Type: MySQL related Operating System: WinXP PHP Version: 5.2CVS-2009-04-16 (snap) Assigned To: mysql New Comment:
I don't call this a bug. PDO::PARAM_LOB "can be either textual or binary in nature": "At some point in your application, you might find that you need to store "large" data in your database. Large typically means "around 4kb or more", although some databases can happily handle up to 32kb before data becomes "large". Large objects can be either textual or binary in nature. PDO allows you to work with this large data type by using the PDO::PARAM_LOB type code in your PDOStatement::bindParam() or PDOStatement::bindColumn() calls. PDO::PARAM_LOB tells PDO to map the data as a stream, so that you can manipulate it using the PHP Streams API.", http://www.php.net/manual/en/pdo.lobs.php PDO_MySQL threats PDO::PARAM_LOB like textual data. Textual data needs to be escaped. This is what also happens if you use the PDO Prepared Statmeent emulation, which has been a default for a long time. When using the emulation, the column will be seen as textual data and be escaped. This, however, is not a MySQL specific problem. MySQL is affected because it supports charsets and stuff. But every other PDO driver supporting charsets is affected as well. A proper fix would be to introduce PDO::PARAM_BLOB for use with binary data. PDO::PARAM_BLOB should go into the PDO core. As changes to the core can impact all drivers, a volunteer is needed to check and/or update all drivers to get this PDO flaw fixed. Ulf Previous Comments: ------------------------------------------------------------------------ [2009-04-22 10:51:40] [email protected] Thanks. Got it now reproduced using 5.2 as well as 5.3 (with both libmysql and mysqlnd) ------------------------------------------------------------------------ [2009-04-21 18:48:05] markac at home dot pl Only dependant on the SET NAMES. ------------------------------------------------------------------------ [2009-04-21 15:10:53] [email protected] I'm not sure I correctly understand your both last messages. Is the problem only dependant on the SET NAMES call or also on the server version? Thanks for clarification. ------------------------------------------------------------------------ [2009-04-16 13:33:16] markac at home dot pl Sorry once again. Works when $pdo->exec('SET CHARACTER SET utf8'); is commented. ------------------------------------------------------------------------ [2009-04-16 13:28:11] markac at home dot pl Strange, but when I using another remote database server 5.0.66a everything is good. I thing problem is on my site (bad MySQL or PHP configuration? ;/). ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/47982 -- Edit this bug report at http://bugs.php.net/?id=47982&edit=1
