From:             anandsamyo at yahoo dot gr
Operating system: Linux
PHP version:      5.1.5CVS
PHP Bug Type:     MySQL related
Bug description:  no mysql_error() after stripcslashes($query)

Description:
------------
If I POST any $query with (') from querydb.html
ex. $query="update subscribers set name='theo' where..."

it will be received by querydb.php like 
$query = $_POST[query]="update subscribers set name=\'theo\' where..."

and then stripcslashes($query)="update subscribers set name='theo' where..."

If the query is not correct 
(ex: ...("updata subscribers set name='theo' where...")
It will not be executed and there will be no 
return of mysql_error().

But----------------------------------------------------------
If I pull out of the code of (querydb.php) the line 
$query =  stripcslashes($query);
then the query of course is not correct and will not be executed
(ex: ..."update subscribers set name=\'theo\' where...")
but
this code RETURNS the mysql_error().


Reproduce code:
---------------
//----------------------------------------------------
CREATE TABLE `subscribers` (
  `username` varchar(10) NOT NULL default '',
  `password` varchar(10) NOT NULL default '',
  PRIMARY KEY  (`username`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=218 ;
//querydb.html----------------------------------------------------
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
</head>
<body>
<table border='0' bgcolor='#eeeeee' width='850' style='font-family: Verdana, Arial; font-size: 8pt;' cellspacing='0' cellpadding='2'>
<tr><td width='850' align='left' bgcolor='#f1f1f1' style='font-family: Verdana Arial; font-size: 8pt; color: #f00000' ></td></tr>
<form name='querydb' action='querydb.php' method='POST' > 
<tr><td width='850' ><textarea rows='7' name='query' cols='103' >$query</textarea></td></tr>
<tr><td width='850' align='center' ><input type='submit' value='SUBMIT' style='font-family: Verdana, Arial; font-size: 8px; ' name='submit'></td></tr>
</form>
</table>
</body>
</html>
//querydb.php---------------------------------------------------
<?php
        $conn = mysql_connect ("localhost", "user", "pass") or die ('I cannot connect to the database because: ' . mysql_error());
        mysql_select_db ("autosgr_autosdb"); 
        $query = "$_POST[query]";
        $query =  stripcslashes($query);
        mysql_query($query, $conn)or die(mysql_error());
?>
//-------------------------------------------------------------


Expected result:
----------------
I expect to see the mysql_error() when I POST a wrong query.


Actual result:
--------------
$query =  stripcslashes($query);
this line is necessary but in case I post the wrong query I do not get a
report of mysql_error() back.

-- 
Edit bug report at http://bugs.php.net/?id=37990&edit=1