Skip to content

ext/sqlite3: reject NUL bytes in SQLite3::escapeString()#22774

Open
iliaal wants to merge 1 commit into
php:masterfrom
iliaal:fix/sqlite3-escapestring-nul
Open

ext/sqlite3: reject NUL bytes in SQLite3::escapeString()#22774
iliaal wants to merge 1 commit into
php:masterfrom
iliaal:fix/sqlite3-escapestring-nul

Conversation

@iliaal

@iliaal iliaal commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

SQLite3::escapeString() builds its result with sqlite3_mprintf("%q"), which stops at the first C NUL. PHP strings carry a length and may embed NULs, so "a\0b" came back as "a" and any SQL built from it silently lost everything after the NUL. Prepared binds pass an explicit length and are unaffected.

ext/pdo_sqlite rejected the same inputs for PDO::quote in 0a10f6d (GH-13952), landing on 8.5 and up rather than 8.4. That check consults dbh->error_mode and throws a PDOException, warns, or returns NULL; escapeString() is static, so there is no connection to consult and a ValueError is the only option available to it.

Targeting master because rejecting an input that previously returned a truncated string is a behaviour change, and 0a10f6d kept the same change off 8.4.

escapeString() used sqlite3_mprintf("%q"), which stops at the first C NUL.
PHP strings are length-aware and may embed NULs, so values such as "a\0b"
were silently truncated to "a" when interpolated into SQL. Prepared binds
pass an explicit length and are unaffected.

ext/pdo_sqlite rejected the same inputs for PDO::quote in 0a10f6d
(phpGH-13952), on 8.5 and up. That check consults the connection's error mode;
escapeString() is static and has no connection, so it throws instead.

Closes phpGH-22774

@ndossche ndossche left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should use the "P" zend_parse_parameters classifier instead of "S", it will do the check for you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants