neoform Posted May 14, 2008 Share Posted May 14, 2008 INSERT INTO system_users_stored_sessions SET session = 'm\0ý?¤NGIs!ðü\"„Ø¿æ„tü±I„Ùõòä]Îm”áÖ,o>¢¨ü^•-ÀdÓkD,¿-ü–¼–ïT', posted_on = NOW(), name = 'foo', body = 'blop' I'm attempting to store a whirlpool hash (as a binary string since it's half the length of the hex version that is the default output.. the problem is, the second char of this particular hash is a null char, which for one reason or another causes mysql to kill the field after the m on output. I can't tell if this is a mysql or php issue, but I'm learning towards it being a mysql issue. When I assemble the query in PHP i use mysqli_real_escape_string.. maybe it's not escaping all the chars properly? CREATE TABLE `system_users_stored_sessions` ( `session` binary(128) NOT NULL, `name` char(32) NOT NULL, `posted_on` datetime NOT NULL, `body` varchar(65000) NOT NULL, PRIMARY KEY (`session`,`name`), KEY `posted_on` (`posted_on`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1; Any ideas? Quote Link to comment Share on other sites More sharing options...
neoform Posted May 14, 2008 Author Share Posted May 14, 2008 I'm starting to think this might be a PHP bug.. class nsessions { const SESSION_TIMEOUT = 1800; //seconds public $vars; //65000 chars max private $name; //32 chars max public function __construct($name) { $this->name = $name; if (strlen($this->name) > 32) { trigger_error( "Could not create session properly. The name assigned to the session \"".$this->name."\" is too long. It should not be more than 32 chars long.", E_USER_ERROR ); } //this might be better off as a cron $GLOBALS['sql']->write(" DELETE FROM system_users_stored_sessions WHERE posted_on < '".safe_string(make_mysql_timestamp(time() - self::SESSION_TIMEOUT))."' "); } public function get() { if ($session_info = mysqli_fetch_assoc($GLOBALS['sql']->read(" SELECT session body FROM system_users_stored_sessions WHERE session = '".$GLOBALS['sql']->real_escape_string($GLOBALS['ref_code'])."' AND name = '".$GLOBALS['sql']->real_escape_string($this->name)."' "))) { $this->vars = unserialize($session_info['body']); } else { $vars = false; } } public function set(&$vars) { $this->vars = $vars; $GLOBALS['sql']->write(" INSERT INTO system_users_stored_sessions SET session = '".$GLOBALS['sql']->real_escape_string($GLOBALS['ref_code'])."', posted_on = NOW(), name = '".$GLOBALS['sql']->real_escape_string($this->name)."', body = '".$GLOBALS['sql']->real_escape_string(serialize($this->vars))."' "); } } Quote Link to comment Share on other sites More sharing options...
fenway Posted May 14, 2008 Share Posted May 14, 2008 I think you have to tell php it's handling binary data. Quote Link to comment Share on other sites More sharing options...
neoform Posted May 14, 2008 Author Share Posted May 14, 2008 I've looked all over php.net and haven't seen anything indicating how to specify a binary string from a regular one.. Quote Link to comment Share on other sites More sharing options...
neoform Posted May 14, 2008 Author Share Posted May 14, 2008 Nah, come to think of it, it can't be that.. There must be something wrong when it comes to the real_escape_string function. When I applied addslashes() to the string it properly escaped the null char.. Quote Link to comment Share on other sites More sharing options...
neoform Posted May 14, 2008 Author Share Posted May 14, 2008 I've submitted this as a PHP bug.. http://bugs.php.net/bug.php?id=44998&thanks=4 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.