Properly quote binary strings

php · Sep 20, 2024 · cb36fc5 · cb36fc5
1 parent dd983d9
commit cb36fc5
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 10 deletions.
diff --git a/ext/pdo_mysql/mysql_driver.c b/ext/pdo_mysql/mysql_driver.c
@@ -309,26 +309,37 @@ static zend_string* mysql_handle_quoter(pdo_dbh_t *dbh, const zend_string *unquo
 {
 	pdo_mysql_db_handle *H = (pdo_mysql_db_handle *)dbh->driver_data;
 	bool use_national_character_set = 0;
+	bool use_binary = 0;
 	char *quoted;
 	size_t quotedlen;
 	zend_string *quoted_str;
 
-	if (H->assume_national_character_set_strings) {
-		use_national_character_set = 1;
-	}
-	if ((paramtype & PDO_PARAM_STR_NATL) == PDO_PARAM_STR_NATL) {
-		use_national_character_set = 1;
-	}
-	if ((paramtype & PDO_PARAM_STR_CHAR) == PDO_PARAM_STR_CHAR) {
-		use_national_character_set = 0;
+	if ((paramtype & PDO_PARAM_LOB) == PDO_PARAM_LOB) {
+		use_binary = 1;
+	} else {
+		if (H->assume_national_character_set_strings) {
+			use_national_character_set = 1;
+		}
+		if ((paramtype & PDO_PARAM_STR_NATL) == PDO_PARAM_STR_NATL) {
+			use_national_character_set = 1;
+		}
+		if ((paramtype & PDO_PARAM_STR_CHAR) == PDO_PARAM_STR_CHAR) {
+			use_national_character_set = 0;
+		}
 	}
 
 	PDO_DBG_ENTER("mysql_handle_quoter");
 	PDO_DBG_INF_FMT("dbh=%p", dbh);
 	PDO_DBG_INF_FMT("unquoted=%.*s", (int)ZSTR_LEN(unquoted), ZSTR_VAL(unquoted));
-	quoted = safe_emalloc(2, ZSTR_LEN(unquoted), 3 + (use_national_character_set ? 1 : 0));
+	quoted = safe_emalloc(2, ZSTR_LEN(unquoted), 3 + (use_national_character_set ? 1 : 0) +
+		(use_binary ? 7 : 0));
+
+	if (use_binary) {
+		quotedlen = mysql_real_escape_string_quote(H->server, quoted + 8, ZSTR_VAL(unquoted), ZSTR_LEN(unquoted), '\'');
+		memcpy(quoted, "_binary'", 8);
 
-	if (use_national_character_set) {
+		quotedlen += 7; /* _binary prefix */
+	} else if (use_national_character_set) {
 		quotedlen = mysql_real_escape_string_quote(H->server, quoted + 2, ZSTR_VAL(unquoted), ZSTR_LEN(unquoted), '\'');
 		quoted[0] = 'N';
 		quoted[1] = '\'';

diff --git a/ext/pdo_mysql/tests/pdo_mysql_prepare_emulated_binary.phpt b/ext/pdo_mysql/tests/pdo_mysql_prepare_emulated_binary.phpt
@@ -14,6 +14,10 @@ $db = MySQLPDOTest::factory();
     $db = MySQLPDOTest::factory();
     $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, true);
 
+    // Force the connection to utf8, which is enough to make the test fail
+    // MySQL 5.6+ would be required for utf8mb4
+    $db->exec("SET NAMES 'utf8'");
+
     $content = '0191D886E6DC73E7AF1FEE7F99EC6235';
 
     $statement = $db->prepare('SELECT HEX(?) as test');