ID: 29395 Updated by: [EMAIL PROTECTED] Reported By: thecwin at gmail dot com -Status: Feedback +Status: Closed Bug Type: SQLite related Operating System: XP Home and Slackware Linux PHP Version: 5CVS-2004-07-26 (dev) New Comment:
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2004-07-27 13:30:41] [EMAIL PROTECTED] Try this quickfix: http://tony2004.phpclub.net/dev/tmp/sqlite.diff ------------------------------------------------------------------------ [2004-07-26 21:18:39] thecwin at gmail dot com Description: ------------ http://cwin.dotgeek.org/mem.php http://cwin.redirectme.net/mem.php If an empty string like "" is passed to a function as an argument which then passes the argument to sqlite_escape_string($arg), the returned value will be random garbage. The returned value may contain words or useless data. It looks like its reading random memory. Similar to bug 29339, but does *not* work when passing an empty string created in the function from which it is calling sqlite_escape_string Reproduce code: --------------- http://cwin.redirectme.net/mem.phps This is affected: <?php function escapeSimple($str) { return @sqlite_escape_string($str); } echo escapeSimple(""); ?> whereas this is not: <?php echo sqlite_escape_string(""); ?> Expected result: ---------------- It should return/print nothing. Actual result: -------------- (Possibly) random characters. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=29395&edit=1
