ID:               35368
 User updated by:  lists at cyberlot dot net
 Reported By:      lists at cyberlot dot net
 Status:           Assigned
 Bug Type:         PDO related
 Operating System: Centos 4.1
 PHP Version:      6CVS-2005-11-24 (snap)
 Assigned To:      wez
 New Comment:

pdo->quote does not solve the problem either


Previous Comments:
------------------------------------------------------------------------

[2005-11-24 17:02:43] lists at cyberlot dot net

Also tried with sqlite, did not get the same issue.

------------------------------------------------------------------------

[2005-11-24 16:46:13] lists at cyberlot dot net

Recompiled from
--with-pdo --with-mysql
to
--with-pdo --with-mysqli

Still the same issue, so it's within pdo itself and not some weird
interaction between pdo and mysql library.

------------------------------------------------------------------------

[2005-11-24 16:29:41] lists at cyberlot dot net

I tried the same thing using prepare/bind/execute and it does insert
the serialized/escaped string properly with the slashes as expected, so
this is limited to an issue with the pdo->query.

------------------------------------------------------------------------

[2005-11-24 16:19:25] [EMAIL PROTECTED]

Assigned to the maintainer.

------------------------------------------------------------------------

[2005-11-24 16:07:36] lists at cyberlot dot net

Description:
------------
If you serialize a string and run any of the escape functions
(mysql_escape, addslashes), you cannot use pdo->query to insert, and it
does some sort of bind params translation on the string.

Bug exists in php5.1RC4 as I was using that version when I first found
this and upgraded to see if issue was resolved.

Using prepared statements (and therefore not having to escape the data
beforehand) works.

Reproduce code:
---------------
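<?php

// Connect to the MySQL test database.
$dsn = 'mysql:dbname=alpha;host=localhost';
$login = 'alpha';
$password = 'alpha';
$db = new PDO($dsn, $login, $password);

// Build and serialize a nested array; the output contains ":<digits>" sequences.
$TEST['test']['test2'] = '1234';
$TEST['test']['test3'] = '555353';
$var = serialize($TEST);
echo "$var\n<BR>\n";

// Escape the value and interpolate it into the SQL text passed to PDO::query().
$var = mysql_escape_string($var);
$query = "INSERT INTO sessions SET value = '$var'";
$db->query($query);

// Read the stored value back to compare it with the original.
$query = 'SELECT value FROM sessions';
$result = $db->query($query);
$row = $result->fetch();
echo $row[0]."\n<BR>\n";
?>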


Expected result:
----------------
[EMAIL PROTECTED] www_admin]# php index.php
a:1:{s:4:"test";a:2:{s:5:"test2";s:4:"1234";s:5:"test3";s:6:"555353";}}
<BR>
a:1:{s:4:"test";a:2:{s:5:"test2";s:4:"1234";s:5:"test3";s:6:"555353";}}
<BR>


Actual result:
--------------
[EMAIL PROTECTED] www_admin]# php index.php
a:1:{s:4:"test";a:2:{s:5:"test2";s:4:"1234";s:5:"test3";s:6:"555353";}}
<BR>
a?:{s?:"test";a?:{s?:"test2";s?:"1234";s?:"test3";s?:"555353";}}
<BR>



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=35368&edit=1
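
The prepare/bind/execute path the reporter says works, written out as an added example (not code from the report or from PDO). It assumes an in-memory SQLite database so it runs offline; the helper names are hypothetical, and naive_placeholder_rewrite() is only an illustration of a placeholder scan that ignores string literals, not PDO's actual parser.

```php
<?php
// Added example; SQLite in-memory database and all function names are assumptions.

// Illustration only: rewriting every ":name" token to "?" without tracking
// string literals produces the mangled form shown under "Actual result".
function naive_placeholder_rewrite(string $sql): string
{
    return (string) preg_replace('/:[A-Za-z0-9_]+/', '?', $sql);
}

// Bind the serialized value as a parameter instead of escaping it into the
// SQL text, so the value never passes through the SQL string at all.
function store_value(PDO $db, string $value): void
{
    $stmt = $db->prepare('INSERT INTO sessions (value) VALUES (:value)');
    $stmt->bindValue(':value', $value, PDO::PARAM_STR);
    $stmt->execute();
}

function load_value(PDO $db): string
{
    $stmt = $db->prepare('SELECT value FROM sessions LIMIT 1');
    $stmt->execute();
    return (string) $stmt->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sessions (value TEXT)');

// Same data as the report's reproduce script.
$data = ['test' => ['test2' => '1234', 'test3' => '555353']];
$serialized = serialize($data);

// Shows what an unquoted-aware rewrite would do to the serialized text.
echo naive_placeholder_rewrite($serialized), "\n";

store_value($db, $serialized);
$roundTrip = load_value($db);
echo $roundTrip, "\n";

// Byte-for-byte round trip, and the array is recovered intact.
// allowed_classes => false keeps unserialize() from instantiating objects.
var_dump($roundTrip === $serialized);
var_dump(unserialize($roundTrip, ['allowed_classes' => false]) === $data);
```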
