Skip to content
This repository was archived by the owner on Oct 2, 2019. It is now read-only.

Commit a784d7e

Browse files
committed
[zendframework#372] Quote null byte characters
- Implements a patch that ensures that null byte characters are properly quoted in the SQL Server adapter.
1 parent d516863 commit a784d7e

File tree

2 files changed

+12
-0
lines changed

2 files changed

+12
-0
lines changed

library/Zend/Db/Adapter/Sqlsrv.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -314,6 +314,7 @@ protected function _quote($value)
314314
return sprintf('%F', $value);
315315
}
316316

317+
$value = addcslashes($value, "\000\032");
317318
return "'" . str_replace("'", "''", $value) . "'";
318319
}
319320

tests/Zend/Db/Adapter/SqlsrvTest.php

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -558,4 +558,15 @@ public function getDriver()
558558
{
559559
return 'Sqlsrv';
560560
}
561+
562+
/**
563+
* test that quote() escapes null byte character
564+
* in a string.
565+
*/
566+
public function testAdapterQuoteNullByteCharacter()
567+
{
568+
$string = "1\0";
569+
$value = $this->_db->quote($string);
570+
$this->assertEquals("'1\\000'", $value);
571+
}
561572
}

0 commit comments

Comments
 (0)