Edit report at https://bugs.php.net/bug.php?id=62361&edit=1

 ID:                 62361
 Updated by:         fel...@php.net
 Reported by:        lgynove at 163 dot com
 Summary:            SQLite3::escapeString
-Status:             Verified
+Status:             Open
 Type:               Bug
 Package:            SQLite related
 Operating System:   windows xp
 PHP Version:        5.3.14
 Block user comment: N
 Private report:     N

 New Comment:

But we have implemented an auxiliary escaping routine to escape the binary ones, 
as pointed out by the reporter.


Previous Comments:
------------------------------------------------------------------------
[2012-06-27 13:42:50] a...@php.net

That's not a PHP bug, I'd say. We rely here on the functionality of 
http://www.sqlite.org/c3ref/mprintf.html using the %q format option. And what their 
manual says:

---
The %q option works like %s in that it substitutes a nul-terminated string from 
the argument list. But %q also doubles every '\'' character. %q is designed for 
use inside a string literal. By doubling each '\'' character it escapes that 
character and allows it to be inserted into the string.
---

Escaping '\'' and '\0' can of course be easily implemented. But, as sqlite3 
itself has no other string formatting options, I'd really doubt the usefulness 
and correctness of such an implementation. Furthermore, if such data were 
selected back from the db, some code would be needed to restore all those 
escaped '\0' bytes and whatever else.

It might make sense to use base64 or the like to insert binary data into sqlite3, I 
think.

------------------------------------------------------------------------
[2012-06-24 21:05:17] fel...@php.net

In fact, the escapeString() method is actually not binary-safe.

------------------------------------------------------------------------
[2012-06-19 05:28:29] lgynove at 163 dot com

Description:
------------
This bug is in sqlite3, not sqlite.
Using a picture file (*.jpg) does not work.
Using *.txt works OK.

If the sqlite function (sqlite_escape_string) is used, it works OK!


Test script:
---------------
<?php
$db = new SQLite3(dirname(__FILE__) . '/test.sqlite');

// Binary input (JPEG data contains NUL bytes): compare length before and after escaping
$str = file_get_contents('d:/www/test.jpg');
echo strlen($str),"\n";
$str = $db->escapeString($str);
echo strlen($str),"\n";

// Plain-text input: same comparison
$str = file_get_contents('d:/www/test.txt');
echo strlen($str),"\n";
$str = $db->escapeString($str);
echo strlen($str),"\n";

Expected result:
----------------
5000
5000
35
35

Actual result:
--------------
5000
4
35
35


------------------------------------------------------------------------
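
The truncation reported above, together with the two ways around it (a bound BLOB parameter and the base64 encoding suggested in the comments), as an added example that is not part of the original report or of PHP's own code. The in-memory database, the table name `files`, the helper `safeEscape()` and the sample bytes are constructed for illustration.

```php
<?php
// Added example: in-memory database and hypothetical table "files".
$db = new SQLite3(':memory:');
$db->exec('CREATE TABLE files (id INTEGER PRIMARY KEY, raw BLOB, b64 TEXT)');

// Constructed binary sample: JPEG-style header with a NUL byte at offset 4,
// followed by more NULs and a single quote.
$data = "\xFF\xD8\xFF\xE0\x00\x10JFIF\x00" . str_repeat("\x00\x01'\x02", 8);

// escapeString() treats its input as a NUL-terminated C string, so the
// escaped value ends at the first NUL and the rest is silently dropped.
$escaped = $db->escapeString($data);
printf("original: %d bytes, escaped: %d bytes\n", strlen($data), strlen($escaped));

// Hypothetical guard: refuse to escape NUL-bearing input instead of
// storing a truncated value without any error.
function safeEscape(SQLite3 $db, $s)
{
    if (strpos($s, "\0") !== false) {
        throw new InvalidArgumentException('binary data: bind it as a BLOB instead');
    }
    return $db->escapeString($s);
}

try {
    safeEscape($db, $data);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// Option 1: bound parameter typed as BLOB; no escaping is involved at all.
// Option 2: base64-encode and store as TEXT, decode on the way out.
$stmt = $db->prepare('INSERT INTO files (id, raw, b64) VALUES (1, :raw, :b64)');
$stmt->bindValue(':raw', $data, SQLITE3_BLOB);
$stmt->bindValue(':b64', base64_encode($data), SQLITE3_TEXT);
$stmt->execute();

// Read both columns back and confirm each round-trips byte for byte.
$row = $db->querySingle('SELECT raw, b64 FROM files WHERE id = 1', true);
var_dump($row['raw'] === $data);
var_dump(base64_decode($row['b64'], true) === $data);
```
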


