Home » Imported messages » comp.lang.php » store backslash in mysql database
store backslash in mysql database [message #170640] Fri, 12 November 2010 22:03
Peter
Let me apologise in advance as I'm unsure if this can be resolved with
php or I need to post to a SQL group.

Anyway, I have some data that is encrypted before being stored, but I
noticed that sometimes the retrieved data, when decrypted, didn't match
the original data.

What I discovered was that the encryption routine sometimes created the
backslash character as part of the encryption string. Something like:

CÊ=3Fa=3F³Ýöâ8T\TBÆ

However, when this was stored in the database, the backslash became
removed leaving:

CÊ=3Fa=3F³Ýöâ8TTBÆ

I thought, if I just add:

$string = str_replace("\","\\",$string);

that would resolve the problem. Thinking that an escaped backslash would
allow the single backslash char to be stored.

However, that appears to be syntactically incorrect with php.

So is there any other way to force a backslash into the database, by
creating an escaped backslash, or am I going completely wrong and it
wouldn't have worked anyway and I need to deal with this issue on a
purely SQL basis.

--
Pete Ives
Remove All_stRESS before sending me an email
Re: store backslash in mysql database [message #170641 is a reply to message #170640] Fri, 12 November 2010 22:11
Jerry Stuckle
On 11/12/2010 5:03 PM, Peter wrote:
> Let me apologise in advance as I'm unsure if this can be resolved with
> php or I need to post to a SQL group.
>
> Anyway, I have some data that is encrypted before being stored, but I
> noticed that sometimes the retrieved data, when decrypted, didn't match
> the original data.
>
> What I discovered was that the encryption routine sometimes created the
> backslash character as part of the encryption string. Something like:
>
> CÊ=3Fa=3F³Ýöâ8T\TBÆ
>
> However, when this was stored in the database, the backslash became
> removed leaving:
>
> CÊ=3Fa=3F³Ýöâ8TTBÆ
>
> I thought, if I just add:
>
> $string = str_replace("\","\\",$string);
>
> that would resolve the problem. Thinking that an escaped backslash would
> allow the single backslash char to be stored.
>
> However, that appears to be syntactically incorrect with php.
>
> So is there any other way to force a backslash into the database, by
> creating an escaped backslash, or am I going completely wrong and it
> wouldn't have worked anyway and I need to deal with this issue on a
> purely SQL basis.
>

Yes, this would be incorrect because the "\" is interpreted as the start
of a string (") followed by an escaped quote (/"). The end of the
string would be the quote at the beginning of what you think should be
the second string.

You need to do str_replace("\\", "\\\\", $string);

Better would be to fix your encryption routine to not generate a single
backslash.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
Re: store backslash in mysql database [message #170642 is a reply to message #170641] Fri, 12 November 2010 22:36
Peter
In article <ibke2p$9gj$1(at)news(dot)eternal-september(dot)org>,
jstucklex(at)attglobal(dot)net says...
> On 11/12/2010 5:03 PM, Peter wrote:
>> Let me apologise in advance as I'm unsure if this can be resolved with
>> php or I need to post to a SQL group.
>>
>> Anyway, I have some data that is encrypted before being stored, but I
>> noticed that sometimes the retrieved data, when decrypted, didn't match
>> the original data.
>>
>> What I discovered was that the encryption routine sometimes created the
>> backslash character as part of the encryption string. Something like:
>>
>> CÊ=3Fa=3F³Ýöâ8T\TBÆ
>>
>> However, when this was stored in the database, the backslash became
>> removed leaving:
>>
>> CÊ=3Fa=3F³Ýöâ8TTBÆ
>>
>> I thought, if I just add:
>>
>> $string = str_replace("\","\\",$string);
>>
>> that would resolve the problem. Thinking that an escaped backslash would
>> allow the single backslash char to be stored.
>>
>> However, that appears to be syntactically incorrect with php.
>>
>> So is there any other way to force a backslash into the database, by
>> creating an escaped backslash, or am I going completely wrong and it
>> wouldn't have worked anyway and I need to deal with this issue on a
>> purely SQL basis.
>>
>
> Yes, this would be incorrect because the "\" is interpreted as the start
> of a string (") followed by an escaped quote (/"). The end of the
> string would be the quote at the beginning of what you think should be
> the second string.
>
> You need to do str_replace("\\", "\\\\", $string);
>
> Better would be to fix your encryption routine to not generate a single
> backslash.
>
>

Cheers Jerry. Had grabbed the routine online so wasn't aware that it was
doing this. Just accepted that it was what I needed to get the job done.
Why re-invent the wheel, as they say.

However, will examine the routine to see if I can figure out how to
avoid creating the backslash. Problem is though, that the same
encryption routine is also used to decrypt, so my initial concern would
be that I could place some code that prevents the backslash being
created, but would it work in reverse when I'm decrypting the string.

Anyway, that's my problem, not yours.

Thanks for helping.

--
Pete Ives
Remove All_stRESS before sending me an email
Re: store backslash in mysql database [message #170643 is a reply to message #170640] Sat, 13 November 2010 02:13
Magno
On 11/12/2010 07:03 PM, Peter wrote:
> Let me apologise in advance as I'm unsure if this can be resolved with
> php or I need to post to a SQL group.
>
> Anyway, I have some data that is encrypted before being stored, but I
> noticed that sometimes the retrieved data, when decrypted, didn't match
> the original data.
>
> What I discovered was that the encryption routine sometimes created the
> backslash character as part of the encryption string. Something like:
>
> CÊ=3Fa=3F³Ýöâ8T\TBÆ
>
> However, when this was stored in the database, the backslash became
> removed leaving:
>
> CÊ=3Fa=3F³Ýöâ8TTBÆ
>
> I thought, if I just add:
>
> $string = str_replace("\","\\",$string);
>
> that would resolve the problem. Thinking that an escaped backslash would
> allow the single backslash char to be stored.
>
> However, that appears to be syntactically incorrect with php.
>
> So is there any other way to force a backslash into the database, by
> creating an escaped backslash, or am I going completely wrong and it
> wouldn't have worked anyway and I need to deal with this issue on a
> purely SQL basis.
>

Are you using MySQL? Then try mysql_real_escape_string();, that one will
do the filtering to allow anything inside.

You should consider also using PDO.
Re: store backslash in mysql database [message #170645 is a reply to message #170643] Sat, 13 November 2010 03:28
Jerry Stuckle
On 11/12/2010 9:13 PM, Magno wrote:
> On 11/12/2010 07:03 PM, Peter wrote:
>> Let me apologise in advance as I'm unsure if this can be resolved with
>> php or I need to post to a SQL group.
>>
>> Anyway, I have some data that is encrypted before being stored, but I
>> noticed that sometimes the retrieved data, when decrypted, didn't match
>> the original data.
>>
>> What I discovered was that the encryption routine sometimes created the
>> backslash character as part of the encryption string. Something like:
>>
>> CÊ=3Fa=3F³Ýöâ8T\TBÆ
>>
>> However, when this was stored in the database, the backslash became
>> removed leaving:
>>
>> CÊ=3Fa=3F³Ýöâ8TTBÆ
>>
>> I thought, if I just add:
>>
>> $string = str_replace("\","\\",$string);
>>
>> that would resolve the problem. Thinking that an escaped backslash would
>> allow the single backslash char to be stored.
>>
>> However, that appears to be syntactically incorrect with php.
>>
>> So is there any other way to force a backslash into the database, by
>> creating an escaped backslash, or am I going completely wrong and it
>> wouldn't have worked anyway and I need to deal with this issue on a
>> purely SQL basis.
>>
>
> Are you using MySQL? Then try mysql_real_escape_string();, that one will
> do the filtering to allow anything inside.
>
> You should consider also using PDO.

mysql_real_escape_string() won't change backslashes. It has no way to
know if, for instance, "\n" is a newline character or a backslash and an
n. mysql_real_escape_string() is for single quotes (SQL string
start/end character) and the like, depending on the charset.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
Re: store backslash in mysql database [message #170651 is a reply to message #170645] Sat, 13 November 2010 08:41
Helmut Chang
Am 13.11.2010 04:28, schrieb Jerry Stuckle:

> mysql_real_escape_string() won't change backslashes.

Of course it does. It's exactly, what this function is for:

<http://www.php.net/manual/en/function.mysql-real-escape-string.php>

| mysql_real_escape_string() calls MySQL's library function
| mysql_real_escape_string, which prepends backslashes to the following
| characters: \x00, \n, \r, \, ', " and \x1a.

> It has no way to
> know if, for instance, "\n" is a newline character or a backslash and an
> n.

Yes, it has. Because PHP has this ability:

'\n' is a string, containing a backslash and an n
"\n" is a string, containing only a newline character

<?php
$db = mysql_connect('localhost', ..., ...);

$data = 'CÊ=3Fa=3F³Ýöâ8T\TBÆ';
var_dump(mysql_real_escape_string($data, $db));

$data = "Foo\nBar";
var_dump(mysql_real_escape_string($data, $db));

$data = 'Foo\nBar';
var_dump(mysql_real_escape_string($data, $db));
?>

Helmut
Re: store backslash in mysql database [message #170652 is a reply to message #170640] Sat, 13 November 2010 09:45
Robert Hairgrove
Peter wrote:
> Let me apologise in advance as I'm unsure if this can be resolved with
> php or I need to post to a SQL group.
>
> Anyway, I have some data that is encrypted before being stored, but I
> noticed that sometimes the retrieved data, when decrypted, didn't match
> the original data.
>
> What I discovered was that the encryption routine sometimes created the
> backslash character as part of the encryption string. Something like:
>
> CÊ=3Fa=3F³Ýöâ8T\TBÆ
>
> However, when this was stored in the database, the backslash became
> removed leaving:
>
> CÊ=3Fa=3F³Ýöâ8TTBÆ
>
> I thought, if I just add:
>
> $string = str_replace("\","\\",$string);
>
> that would resolve the problem. Thinking that an escaped backslash would
> allow the single backslash char to be stored.
>
> However, that appears to be syntactically incorrect with php.
>
> So is there any other way to force a backslash into the database, by
> creating an escaped backslash, or am I going completely wrong and it
> wouldn't have worked anyway and I need to deal with this issue on a
> purely SQL basis.
>

I suggest you convert the data to something like base64 format or URI
encoding before storing it in the database. That way, you avoid this
issue and perhaps a few others as well (i.e. any unforeseen implicit
conversions of binary data). Besides, you can store the data as a normal
VARCHAR or TEXT field.

PHP provides the functions base64_encode and base64_decode, for example.
Re: store backslash in mysql database [message #170665 is a reply to message #170652] Sun, 14 November 2010 16:14
Michael Fesser
.oO(Robert Hairgrove)

> I suggest you convert the data to something like base64 format or URI
> encoding before storing it in the database. That way, you avoid this
> issue and perhaps a few others as well (i.e. any unforeseen implicit
> conversions of binary data). Besides, you can store the data as a normal
> VARCHAR or TEXT field.

I would rather suggest to find the real reason for the problem and fix
it. It's a bug in some part of the code, not in MySQL.

If MySQL would have a problem with such data, you won't be able to store
BLOBs either. But a byte can be anything from 0x00..0xFF. Binary data is
binary data - MySQL won't touch it, so the problem is somewhere in the
scripts. Either the decryption fails or - even more likely - the data is
already improperly sent to the DB by the encryption script.

Micha
Re: store backslash in mysql database [message #170668 is a reply to message #170665] Sun, 14 November 2010 17:11
Peter
In article <1g20e6900nhpj7k9ko2gvl223tl6jhmmgk(at)mfesser(dot)de>,
netizen(at)gmx(dot)de says...
> .oO(Robert Hairgrove)
>
>> I suggest you convert the data to something like base64 format or URI
>> encoding before storing it in the database. That way, you avoid this
>> issue and perhaps a few others as well (i.e. any unforeseen implicit
>> conversions of binary data). Besides, you can store the data as a normal
>> VARCHAR or TEXT field.
>
> I would rather suggest to find the real reason for the problem and fix
> it. It's a bug in some part of the code, not in MySQL.
>

Well, I wouldn't exactly have called it a bug. It was a script that I
found on the internet and it's possible the original creator didn't have
it in mind to store the data in a mysql database. And as I didn't write
the script, who knows?

As to debugging the script, it uses some maths functions including ord
to convert the original data into the encrypted data. So, I'm not sure
how the function is supposed to know what the outcome of the encryption
is going to be before it knows what the input is?

So, all I could potentially do, as I see it, is include an extra:

if, char converted to backslash, then change to a different char.

However, how would I then know, when decrypting back that the different
char wasn't created as part of the original encryption or by my if
statement?

--
Pete Ives
Remove All_stRESS before sending me an email
Re: store backslash in mysql database [message #170673 is a reply to message #170668] Sun, 14 November 2010 18:38
Helmut Chang
Am 14.11.2010 18:11, schrieb Peter:

> Well, I wouldn't exactly have called it a bug. It was a script that I
> found on the internet and it's possible the original creator didn't have
> it in mind to store the data in a mysql database. And as I didn't write
> the script, who knows?

And who wrote the script, that stores the encrypted value incorrectly in
the database?

> As to debugging the script, it uses some maths functions including ord
> to convert the original data into the encrypted data. So, I'm not sure
> how the function is supposed to know what the outcome of the encryption
> is going to be before it knows what the input is?

The bug is not in the part of the encryption script. It is in the part,
where the encrypted data is stored to the database.

> So, all I could potentially do, as I see it, is include an extra:
>
> if, char converted to backslash, then change to a different char.

No! Haven't you read the other answers, concerning
<http://www.php.net/manual/en/function.mysql-real-escape-string.php>?

There are some characters in strings and blobs, that have to be escaped
when used in a (My)SQL query. And it's not only the backslash. This
function does it for you in the correct way! *But*: The escape sequences
are *not* stored in the database. So when you fetch the value again, it
is exactly as you want it.

> However, how would I then know, when decrypting back that the different
> char wasn't created as part of the original encryption or by my if
> statement?

You don't need to, if you do, what I've written above.

Helmut
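
An added example (not from any poster in the thread): a small PHP model of how MySQL reads a quoted string literal in its default mode, next to an escaper covering the seven characters listed in the manual excerpt quoted earlier. The function names are hypothetical, the sample bytes are constructed, and the model ignores the connection character set that the real mysql_real_escape_string() takes into account.

```php
<?php
// Added illustration, not code from the thread. Function names are hypothetical
// and the sample bytes are constructed. Pure PHP: no database connection needed.

/**
 * Model of how MySQL turns the body of a quoted string literal into a value
 * in its default mode (NO_BACKSLASH_ESCAPES off). Assumes $body holds no
 * unescaped quote and does not end in a lone backslash.
 */
function mysql_literal_value(string $body): string
{
    $known = [
        '0' => "\x00", 'b' => "\x08", 'n' => "\n", 'r' => "\r", 't' => "\t",
        'Z' => "\x1a", '\\' => '\\', "'" => "'", '"' => '"',
    ];
    $out = '';
    for ($i = 0, $len = strlen($body); $i < $len; $i++) {
        $c = $body[$i];
        if ($c !== '\\' || $i + 1 >= $len) {
            $out .= $c;                 // ordinary byte: stored unchanged
            continue;
        }
        $next = $body[++$i];
        if (isset($known[$next])) {
            $out .= $known[$next];      // recognised escape sequence
        } elseif ($next === '%' || $next === '_') {
            $out .= '\\' . $next;       // kept as-is for LIKE patterns
        } else {
            $out .= $next;              // unknown sequence: backslash is dropped
        }
    }
    return $out;
}

/**
 * Prepends a backslash to the characters named in the manual excerpt:
 * \x00, \n, \r, \, ', " and \x1a. Not charset-aware (assumption of this model).
 */
function escape_for_mysql_literal(string $raw): string
{
    return strtr($raw, [
        "\x00" => '\\0', "\n" => '\\n', "\r" => '\\r', '\\' => '\\\\',
        "'" => "\\'", '"' => '\\"', "\x1a" => '\\Z',
    ]);
}

function show(string $label, string $bytes): void
{
    printf("%-20s %s\n", $label, bin2hex($bytes));
}

// 1. Ciphertext-like bytes with a backslash in front of "T", placed in the
//    query unescaped: the parser sees the unknown sequence \T and keeps only T.
$cipher = "8T\\TB";
show('original', $cipher);
show('stored, unescaped', mysql_literal_value($cipher));
show('stored, escaped', mysql_literal_value(escape_for_mysql_literal($cipher)));

// 2. A real newline and the two characters backslash + n stay distinct:
//    the escape sequence travels in the query text, the original bytes are stored.
foreach (["Foo\nBar", 'Foo\nBar'] as $text) {
    $sent = escape_for_mysql_literal($text);
    show('sent in the query', $sent);
    show('stored value', mysql_literal_value($sent));
}

// 3. Every byte value 0x00..0xFF, including tab and backspace, survives.
$all = implode('', array_map('chr', range(0, 255)));
$ok = mysql_literal_value(escape_for_mysql_literal($all)) === $all;
echo 'all 256 byte values round-trip: ', ($ok ? 'yes' : 'no'), "\n";
```

In application code the escaping is left to the database driver, or avoided altogether by binding the value as a parameter of a prepared statement.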
Re: store backslash in mysql database [message #170674 is a reply to message #170645] Sun, 14 November 2010 18:47
Magno
On 11/13/2010 12:28 AM, Jerry Stuckle wrote:
> On 11/12/2010 9:13 PM, Magno wrote:
>> On 11/12/2010 07:03 PM, Peter wrote:
>>> Let me apologise in advance as I'm unsure if this can be resolved with
>>> php or I need to post to a SQL group.
>>>
>>> Anyway, I have some data that is encrypted before being stored, but I
>>> noticed that sometimes the retrieved data, when decrypted, didn't match
>>> the original data.
>>>
>>> What I discovered was that the encryption routine sometimes created the
>>> backslash character as part of the encryption string. Something like:
>>>
>>> CÊ=3Fa=3F³Ýöâ8T\TBÆ
>>>
>>> However, when this was stored in the database, the backslash became
>>> removed leaving:
>>>
>>> CÊ=3Fa=3F³Ýöâ8TTBÆ
>>>
>>> I thought, if I just add:
>>>
>>> $string = str_replace("\","\\",$string);
>>>
>>> that would resolve the problem. Thinking that an escaped backslash would
>>> allow the single backslash char to be stored.
>>>
>>> However, that appears to be syntactically incorrect with php.
>>>
>>> So is there any other way to force a backslash into the database, by
>>> creating an escaped backslash, or am I going completely wrong and it
>>> wouldn't have worked anyway and I need to deal with this issue on a
>>> purely SQL basis.
>>>
>>
>> Are you using MySQL? Then try mysql_real_escape_string();, that one will
>> do the filtering to allow anything inside.
>>
>> You should consider also using PDO.
>
> mysql_real_escape_string() won't change backslashes. It has no way to
> know if, for instance, "\n" is a newline character or a backslash and an
> n. mysql_real_escape_string() is for single quotes (SQL string start/end
> character) and the like, depending on the charset.
>

LOL, I was expecting that answer from you or Thomas p...
well, Helmut already replied to you.
Re: store backslash in mysql database [message #170676 is a reply to message #170674] Sun, 14 November 2010 19:05
Jerry Stuckle
On 11/14/2010 1:47 PM, Magno wrote:
> On 11/13/2010 12:28 AM, Jerry Stuckle wrote:
>> On 11/12/2010 9:13 PM, Magno wrote:
>>> On 11/12/2010 07:03 PM, Peter wrote:
>>>> Let me apologise in advance as I'm unsure if this can be resolved with
>>>> php or I need to post to a SQL group.
>>>>
>>>> Anyway, I have some data that is encrypted before being stored, but I
>>>> noticed that sometimes the retrieved data, when decrypted, didn't match
>>>> the original data.
>>>>
>>>> What I discovered was that the encryption routine sometimes created the
>>>> backslash character as part of the encryption string. Something like:
>>>>
>>>> CÊ=3Fa=3F³Ýöâ8T\TBÆ
>>>>
>>>> However, when this was stored in the database, the backslash became
>>>> removed leaving:
>>>>
>>>> CÊ=3Fa=3F³Ýöâ8TTBÆ
>>>>
>>>> I thought, if I just add:
>>>>
>>>> $string = str_replace("\","\\",$string);
>>>>
>>>> that would resolve the problem. Thinking that an escaped backslash
>>>> would
>>>> allow the single backslash char to be stored.
>>>>
>>>> However, that appears to be syntactically incorrect with php.
>>>>
>>>> So is there any other way to force a backslash into the database, by
>>>> creating an escaped backslash, or am I going completely wrong and it
>>>> wouldn't have worked anyway and I need to deal with this issue on a
>>>> purely SQL basis.
>>>>
>>>
>>> Are you using MySQL? Then try mysql_real_escape_string();, that one will
>>> do the filtering to allow anything inside.
>>>
>>> You should consider also using PDO.
>>
>> mysql_real_escape_string() won't change backslashes. It has no way to
>> know if, for instance, "\n" is a newline character or a backslash and an
>> n. mysql_real_escape_string() is for single quotes (SQL string start/end
>> character) and the like, depending on the charset.
>>
>
> LOL, I was expecting that answer from you or Thomas p...
> well, Helmut already replied to you.

That is correct. And if you read the documentation carefully, you can
see that while I was wrong on the specific instance, I was correct in
the general sense.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
Re: store backslash in mysql database [message #170677 is a reply to message #170651] Sun, 14 November 2010 19:08
Jerry Stuckle
On 11/13/2010 3:41 AM, Helmut Chang wrote:
> Am 13.11.2010 04:28, schrieb Jerry Stuckle:
>
>> mysql_real_escape_string() won't change backslashes.
>
> Of course it does. It's exactly, what this function is for:
>
> <http://www.php.net/manual/en/function.mysql-real-escape-string.php>
>
> | mysql_real_escape_string() calls MySQL's library function
> | mysql_real_escape_string, which prepends backslashes to the following
> | characters: \x00, \n, \r, \, ', " and \x1a.
>
>> It has no way to
>> know if, for instance, "\n" is a newline character or a backslash and an
>> n.
>
> Yes, it has. Because PHP has this ability:
>
> '\n' is a string, containing a backslash and an n
> "\n" is a string, containing only a newline character
>
> <?php
> $db = mysql_connect('localhost', ..., ...);
>
> $data = 'CÊ=3Fa=3F³Ýöâ8T\TBÆ';
> var_dump(mysql_real_escape_string($data, $db));
>
> $data = "Foo\nBar";
> var_dump(mysql_real_escape_string($data, $db));
>
> $data = 'Foo\nBar';
> var_dump(mysql_real_escape_string($data, $db));
> ?>
>
> Helmut
>

You're correct on the specific case of "\n" and I am incorrect. However,
please read more closely. It does NOT handle every other instance of a
backslash - it doesn't, for instance, handle \t or \b, both of which are
valid control characters. In fact, it only handles 5 specific cases.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
Re: store backslash in mysql database [message #170683 is a reply to message #170665] Sun, 14 November 2010 22:25
Robert Hairgrove
Michael Fesser wrote:
> .oO(Robert Hairgrove)
>
>> I suggest you convert the data to something like base64 format or URI
>> encoding before storing it in the database. That way, you avoid this
>> issue and perhaps a few others as well (i.e. any unforeseen implicit
>> conversions of binary data). Besides, you can store the data as a normal
>> VARCHAR or TEXT field.
>
> I would rather suggest to find the real reason for the problem and fix
> it. It's a bug in some part of the code, not in MySQL.
>
> If MySQL would have a problem with such data, you won't be able to store
> BLOBs either. But a byte can be anything from 0x00..0xFF. Binary data is
> binary data - MySQL won't touch it, so the problem is somewhere in the
> scripts. Either the decryption fails or - even more likely - the data is
> already improperly sent to the DB by the encryption script.
>
> Micha

But don't you think it is much easier just to store it in base64 or some
hex format? Once it is converted, all the data is in 7-bit ASCII format,
and character set issues can then be ignored WRT the MySQL DB. Why make
life more difficult than it already is?
Re: store backslash in mysql database [message #170686 is a reply to message #170683] Sun, 14 November 2010 22:41
Michael Fesser
.oO(Robert Hairgrove)

> Michael Fesser wrote:
>>
>> I would rather suggest to find the real reason for the problem and fix
>> it. It's a bug in some part of the code, not in MySQL.
>>
>> If MySQL would have a problem with such data, you won't be able to store
>> BLOBs either. But a byte can be anything from 0x00..0xFF. Binary data is
>> binary data - MySQL won't touch it, so the problem is somewhere in the
>> scripts. Either the decryption fails or - even more likely - the data is
>> already improperly sent to the DB by the encryption script.
>
> But don't you think it is much easier just to store it in base64 or some
> hex format?

No, because it simply is not necessary. Do you also encode textual data
just in case it might contain troublesome characters? No. Instead you
ensure that the data you have will make it correct and 1:1 into the DB.
That's what functions like mysql_real_escape_string() and prepared
statements are for.

> Once it is converted, all the data is in 7-bit ASCII format,

And two times bigger or so.

> and character set issues can then be ignored WRT the MySQL DB. Why make
> life more difficult than it already is?

What can be more easy than plain data in, plain data out? You just have
to do it right with the correct functions. It's all there already.

Micha
Re: store backslash in mysql database [message #170688 is a reply to message #170673] Sun, 14 November 2010 23:09
Peter
In article <4ce02cdd$0$19902$91cee783(at)newsreader03(dot)highway(dot)telekom(dot)at>,
usenet(at)helmutchang(dot)at says...
> Am 14.11.2010 18:11, schrieb Peter:
>
>> Well, I wouldn't exactly have called it a bug. It was a script that I
>> found on the internet and it's possible the original creator didn't have
>> it in mind to store the data in a mysql database. And as I didn't write
>> the script, who knows?
>
> And who wrote the script, that stores the encrypted value incorrectly in
> the database?
>
>> As to debugging the script, it uses some maths functions including ord
>> to convert the original data into the encrypted data. So, I'm not sure
>> how the function is supposed to know what the outcome of the encryption
>> is going to be before it knows what the input is?
>
> The bug is not in the part of the encryption script. It is in the part,
> where the encrypted data is stored to the database.
>
>> So, all I could potentially do, as I see it, is include an extra:
>>
>> if, char converted to backslash, then change to a different char.
>
> No! Haven't you read the other answers, concerning
> <http://www.php.net/manual/en/function.mysql-real-escape-string.php>?
>
> There are some characters in strings and blobs, that have to be escaped
> when used in a (My)SQL query. And it's not only the backslash. This
> function does it for you in the correct way! *But*: The escape sequences
> are *not* stored in the database. So when you fetch the value again, it
> is exactly as you want it.
>
Sorry, I got a little thrown off the scent here for
mysql_real_escape_string when the disagreements started. I've now taken
a look at the function and it does seem ideal for my purposes.

--
Pete Ives
Remove All_stRESS before sending me an email
Re: store backslash in mysql database [message #170689 is a reply to message #170688] Sun, 14 November 2010 23:18
Peter
In article <MPG(dot)274a7c95e2d635f19896dc(at)news(dot)virginmedia(dot)com>,
pete(dot)ivesAll_stRESS(at)blueyonder(dot)co(dot)uk says...
> In article <4ce02cdd$0$19902$91cee783(at)newsreader03(dot)highway(dot)telekom(dot)at>,
> usenet(at)helmutchang(dot)at says...
>> Am 14.11.2010 18:11, schrieb Peter:
>>
>>
>> The bug is not in the part of the encryption script. It is in the part,
>> where the encrypted data is stored to the database.
>>
>>> So, all I could potentially do, as I see it, is include an extra:
>>>
>>> if, char converted to backslash, then change to a different char.
>>
>> No! Haven't you read the other answers, concerning
>> <http://www.php.net/manual/en/function.mysql-real-escape-string.php>?
>>
>> There are some characters in strings and blobs, that have to be escaped
>> when used in a (My)SQL query. And it's not only the backslash. This
>> function does it for you in the correct way! *But*: The escape sequences
>> are *not* stored in the database. So when you fetch the value again, it
>> is exactly as you want it.
>>
> Sorry, I got a little thrown off the scent here for
> mysql_real_escape_string when the disagreements started. I've now taken
> a look at the function and it does seem ideal for my purposes.
>
>

Sorry to reply to my own post but...

Having read right to the very end, when they say \n is replaced by '\n'
literal, what do they mean? If that means the \n is replaced by a
completely different MySQL representation of \n, then is it still going
to work for me?

--
Pete Ives
Remove All_stRESS before sending me an email
Re: store backslash in mysql database [message #170692 is a reply to message #170689] Mon, 15 November 2010 03:08
Magno
On 11/14/2010 08:18 PM, Peter wrote:
> In article<MPG(dot)274a7c95e2d635f19896dc(at)news(dot)virginmedia(dot)com>,
> pete(dot)ivesAll_stRESS(at)blueyonder(dot)co(dot)uk says...
>> In article<4ce02cdd$0$19902$91cee783(at)newsreader03(dot)highway(dot)telekom(dot)at>,
>> usenet(at)helmutchang(dot)at says...
>>> Am 14.11.2010 18:11, schrieb Peter:
>>>
>>>
>>> The bug is not in the part of the encryption script. It is in the part,
>>> where the encrypted data is stored to the database.
>>>
>>>> So, all I could potentially do, as I see it, is include an extra:
>>>>
>>>> if, char converted to backslash, then change to a different char.
>>>
>>> No! Haven't you read the other answers, concerning
>>> <http://www.php.net/manual/en/function.mysql-real-escape-string.php>?
>>>
>>> There are some characters in strings and blobs, that have to be escaped
>>> when used in a (My)SQL query. And it's not only the backslash. This
>>> function does it for you in the correct way! *But*: The escape sequences
>>> are *not* stored in the database. So when you fetch the value again, it
>>> is exactly as you want it.
>>>
>> Sorry, I got a little thrown off the scent here for
>> mysql_real_escape_string when the disagreements started. I've now taken
>> a look at the function and it does seem ideal for my purposes.
>>
>>
>
> Sorry to reply to my own post but...
>
> Having read right to the very end, when they say \n is replaced by '\n'
> literal, what do they mean? If that means the \n is replaced by a
> completely different MySQL representation of \n, then is it still going
> to work for me?
>

Just use that function and determine by yourself that it works... Don't
mind the comment by Jerry, he clearly has a confusion about
control-characters in PHP.
Re: store backslash in mysql database [message #170693 is a reply to message #170692] Mon, 15 November 2010 03:16
Jerry Stuckle
On 11/14/2010 10:08 PM, Magno wrote:
> On 11/14/2010 08:18 PM, Peter wrote:
>> In article<MPG(dot)274a7c95e2d635f19896dc(at)news(dot)virginmedia(dot)com>,
>> pete(dot)ivesAll_stRESS(at)blueyonder(dot)co(dot)uk says...
>>> In article<4ce02cdd$0$19902$91cee783(at)newsreader03(dot)highway(dot)telekom(dot)at>,
>>> usenet(at)helmutchang(dot)at says...
>>>> Am 14.11.2010 18:11, schrieb Peter:
>>>>
>>>>
>>>> The bug is not in the part of the encryption script. It is in the part,
>>>> where the encrypted data is stored to the database.
>>>>
>>>> > So, all I could potentially do, as I see it, is include an extra:
>>>> >
>>>> > if, char converted to backslash, then change to a different char.
>>>>
>>>> No! Haven't you read the other answers, concerning
>>>> <http://www.php.net/manual/en/function.mysql-real-escape-string.php>?
>>>>
>>>> There are some characters in strings and blobs, that have to be escaped
>>>> when used in a (My)SQL query. And it's not only the backslash. This
>>>> function does it for you in the correct way! *But*: The escape
>>>> sequences
>>>> are *not* stored in the database. So when you fetch the value again, it
>>>> is exactly as you want it.
>>>>
>>> Sorry, I got a little thrown off the scent here for
>>> mysql_real_escape_string when the disagreements started. I've now taken
>>> a look at the function and it does seem ideal for my purposes.
>>>
>>>
>>
>> Sorry to reply to my own post but...
>>
>> Having read right to the very end, when they say \n is replaced by '\n'
>> literal, what do they mean? If that means the \n is replaced by a
>> completely different MySQL representation of \n, then is it still going
>> to work for me?
>>
>
> Just use that function and determine by yourself that it works... Don’t
> mind the comment by Jerry, he clearly has a confusion about
> control-characters in PHP.

No, I'm not at all confused by control characters in PHP. But remember
those strings only apply if they were BUILT IN PHP. Strings built
in another language may or may not work with PHP functions. And there
is no indication of the language used to encrypt the data.

However, you don't seem to understand there can be a difference.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
Re: store backslash in mysql database [message #170694 is a reply to message #170693] Mon, 15 November 2010 04:09
Magno
On 11/15/2010 12:16 AM, Jerry Stuckle wrote:
> On 11/14/2010 10:08 PM, Magno wrote:
>> On 11/14/2010 08:18 PM, Peter wrote:
>>> In article<MPG(dot)274a7c95e2d635f19896dc(at)news(dot)virginmedia(dot)com>,
>>> pete(dot)ivesAll_stRESS(at)blueyonder(dot)co(dot)uk says...
>>>> In article<4ce02cdd$0$19902$91cee783(at)newsreader03(dot)highway(dot)telekom(dot)at>,
>>>> usenet(at)helmutchang(dot)at says...
>>>> > Am 14.11.2010 18:11, schrieb Peter:
>>>> >
>>>> >
>>>> > The bug is not in the part of the encryption script. It is in the
>>>> > part,
>>>> > where the encrypted data is stored to the database.
>>>> >
>>>> >> So, all I could potentially do, as I see it, is include an extra:
>>>> >>
>>>> >> if, char converted to backslash, then change to a different char.
>>>> >
>>>> > No! Haven't you read the other answers, concerning
>>>> > <http://www.php.net/manual/en/function.mysql-real-escape-string.php>?
>>>> >
>>>> > There are some characters in strings and blobs, that have to be
>>>> > escaped
>>>> > when used in a (My)SQL query. And it's not only the backslash. This
>>>> > function does it for you in the correct way! *But*: The escape
>>>> > sequences
>>>> > are *not* stored in the database. So when you fetch the value
>>>> > again, it
>>>> > is exactly as you want it.
>>>> >
>>>> Sorry, I got a little thrown off the scent here for
>>>> mysql_real_escape_string when the disagreements started. I've now taken
>>>> a look at the function and it does seem ideal for my purposes.
>>>>
>>>>
>>>
>>> Sorry to reply to my own post but...
>>>
>>> Having read right to the very end, when they say \n is replaced by '\n'
>>> literal, what do they mean? If that means the \n is replaced by a
>>> completely different MySQL representation of \n, then is it still going
>>> to work for me?
>>>
>>
>> Just use that function and determine by yourself that it works... Don’t
>> mind the comment by Jerry, he clearly has a confusion about
>> control-characters in PHP.
>
> No, I'm not at all confused by control characters in PHP. But remember
> those strings only apply if they were BUILT IN PHP. Strings built in
> another language may or may not work with PHP functions. And there is no
> indication of the language used to encrypt the data.
>
> However, you don't seem to understand there can be a difference.

OK, I think you should just read the documentation. Please stop
misguiding the OP. You are just confusing him with your own lack of
understanding of PHP Internals.
The OP asks because he doesn’t know... if you don’t also please don’t
come to spit out your confusion because it only leads to even more
confusion for who asks.
I know and have seen that you have a habit of adding off-topic
information or confusing technical questions to topics to look
knowledgeable.
But please don’t do this now.
Re: store backslash in mysql database [message #170699 is a reply to message #170694] Mon, 15 November 2010 13:09
Jerry Stuckle
On 11/14/2010 11:09 PM, Magno wrote:
> On 11/15/2010 12:16 AM, Jerry Stuckle wrote:
>> On 11/14/2010 10:08 PM, Magno wrote:
>>> On 11/14/2010 08:18 PM, Peter wrote:
>>>> In article<MPG(dot)274a7c95e2d635f19896dc(at)news(dot)virginmedia(dot)com>,
>>>> pete(dot)ivesAll_stRESS(at)blueyonder(dot)co(dot)uk says...
>>>> > In article<4ce02cdd$0$19902$91cee783(at)newsreader03(dot)highway(dot)telekom(dot)at>,
>>>> > usenet(at)helmutchang(dot)at says...
>>>> >> Am 14.11.2010 18:11, schrieb Peter:
>>>> >>
>>>> >>
>>>> >> The bug is not in the part of the encryption script. It is in the
>>>> >> part,
>>>> >> where the encrypted data is stored to the database.
>>>> >>
>>>> >>> So, all I could potentially do, as I see it, is include an extra:
>>>> >>>
>>>> >>> if, char converted to backslash, then change to a different char.
>>>> >>
>>>> >> No! Haven't you read the other answers, concerning
>>>> >> <http://www.php.net/manual/en/function.mysql-real-escape-string.php>?
>>>> >>
>>>> >> There are some characters in strings and blobs, that have to be
>>>> >> escaped
>>>> >> when used in a (My)SQL query. And it's not only the backslash. This
>>>> >> function does it for you in the correct way! *But*: The escape
>>>> >> sequences
>>>> >> are *not* stored in the database. So when you fetch the value
>>>> >> again, it
>>>> >> is exactly as you want it.
>>>> >>
>>>> > Sorry, I got a little thrown off the scent here for
>>>> > mysql_real_escape_string when the disagreements started. I've now
>>>> > taken
>>>> > a look at the function and it does seem ideal for my purposes.
>>>> >
>>>> >
>>>>
>>>> Sorry to reply to my own post but...
>>>>
>>>> Having read right to the very end, when they say \n is replaced by '\n'
>>>> literal, what do they mean? If that means the \n is replaced by a
>>>> completely different MySQL representation of \n, then is it still going
>>>> to work for me?
>>>>
>>>
>>> Just use that function and determine by yourself that it works... Don’t
>>> mind the comment by Jerry, he clearly has a confusion about
>>> control-characters in PHP.
>>
>> No, I'm not at all confused by control characters in PHP. But remember
>> those strings only apply if they were BUILT IN PHP. Strings built in
>> another language may or may not work with PHP functions. And there is no
>> indication of the language used to encrypt the data.
>>
>> However, you don't seem to understand there can be a difference.
>
> OK, I think you should just read the documentation. Please stop
> misguiding the OP. You are just confusing him with your own lack of
> understanding of PHP Internals.
> The OP asks because he doesn’t know... if you don’t also please don’t
> come to spit out your confusion because it only leads to even more
> confusion for who asks.
> I know and have seen that you have a habit of adding off-topic
> information or confusing technical questions to topics to look
> knowledgeable.
> But please don’t do this now.

Oh, believe me - I understand the PHP internals - much more than you do.
You shouldn't be showing your ignorance so much.

And none of what I said was off-topic. But you don't have enough
intelligence to understand that.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
Re: store backslash in mysql database [message #170704 is a reply to message #170689] Mon, 15 November 2010 18:21
Michael Fesser
.oO(Peter)

> Having read right to the very end, when they say \n is replaced by '\n'
> literal, what do they mean? If that means the \n is replaced by a
> completely different MySQL representation of \n, then is it still going
> to work for me?

The replacement just makes sure that some special chars are correctly
transferred into the database. It doesn't modify your data.

And the '\n' in the documentation isn't meant literally as a two-char
string, but represents the special control char 'LF' (linefeed). You
could also write it as \x0A for example.

Micha
Re: store backslash in mysql database [message #170717 is a reply to message #170699] Mon, 15 November 2010 21:08
Magno
On 11/15/2010 10:09 AM, Jerry Stuckle wrote:
> On 11/14/2010 11:09 PM, Magno wrote:
>> On 11/15/2010 12:16 AM, Jerry Stuckle wrote:
>>> On 11/14/2010 10:08 PM, Magno wrote:
>>>> On 11/14/2010 08:18 PM, Peter wrote:
>>>> > In article<MPG(dot)274a7c95e2d635f19896dc(at)news(dot)virginmedia(dot)com>,
>>>> > pete(dot)ivesAll_stRESS(at)blueyonder(dot)co(dot)uk says...
>>>> >> In
>>>> >> article<4ce02cdd$0$19902$91cee783(at)newsreader03(dot)highway(dot)telekom(dot)at>,
>>>> >> usenet(at)helmutchang(dot)at says...
>>>> >>> Am 14.11.2010 18:11, schrieb Peter:
>>>> >>>
>>>> >>>
>>>> >>> The bug is not in the part of the encryption script. It is in the
>>>> >>> part,
>>>> >>> where the encrypted data is stored to the database.
>>>> >>>
>>>> >>>> So, all I could potentially do, as I see it, is include an extra:
>>>> >>>>
>>>> >>>> if, char converted to backslash, then change to a different char.
>>>> >>>
>>>> >>> No! Haven't you read the other answers, concerning
>>>> >>> <http://www.php.net/manual/en/function.mysql-real-escape-string.php>?
>>>> >>>
>>>> >>>
>>>> >>> There are some characters in strings and blobs, that have to be
>>>> >>> escaped
>>>> >>> when used in a (My)SQL query. And it's not only the backslash. This
>>>> >>> function does it for you in the correct way! *But*: The escape
>>>> >>> sequences
>>>> >>> are *not* stored in the database. So when you fetch the value
>>>> >>> again, it
>>>> >>> is exactly as you want it.
>>>> >>>
>>>> >> Sorry, I got a little thrown off the scent here for
>>>> >> mysql_real_escape_string when the disagreements started. I've now
>>>> >> taken
>>>> >> a look at the function and it does seem ideal for my purposes.
>>>> >>
>>>> >>
>>>> >
>>>> > Sorry to reply to my own post but...
>>>> >
>>>> > Having read right to the very end, when they say \n is replaced by
>>>> > '\n'
>>>> > literal, what do they mean? If that means the \n is replaced by a
>>>> > completely different MySQL representation of \n, then is it still
>>>> > going
>>>> > to work for me?
>>>> >
>>>>
>>>> Just use that function and determine by yourself that it works... Don’t
>>>> mind the comment by Jerry, he clearly has a confusion about
>>>> control-characters in PHP.
>>>
>>> No, I'm not at all confused by control characters in PHP. But remember
>>> those strings only apply if they were BUILT IN PHP. Strings built in
>>> another language may or may not work with PHP functions. And there is no
>>> indication of the language used to encrypt the data.
>>>
>>> However, you don't seem to understand there can be a difference.
>>
>> OK, I think you should just read the documentation. Please stop
>> misguiding the OP. You are just confusing him with your own lack of
>> understanding of PHP Internals.
>> The OP asks because he doesn’t know... if you don’t also please don’t
>> come to spit out your confusion because it only leads to even more
>> confusion for who asks.
>> I know and have seen that you have a habit of adding off-topic
>> information or confusing technical questions to topics to look
>> knowledgeable.
>> But please don’t do this now.
>
> Oh, believe me - I understand the PHP internals - much more than you do.
> You shouldn't be showing your ignorance so much.
>
> And none of what I said was off-topic. But you don't have enough
> intelligence to understand that.
>

Being unable to explain or give any code as example, and instead,
getting into insults clearly shows how knowledgeable you are.
Greetings.
Re: store backslash in mysql database [message #170729 is a reply to message #170677] Wed, 17 November 2010 10:53
Helmut Chang
Am 14.11.2010 20:08, schrieb Jerry Stuckle:
> On 11/13/2010 3:41 AM, Helmut Chang wrote:
>> Am 13.11.2010 04:28, schrieb Jerry Stuckle:

That's what you wrote:

>>> mysql_real_escape_string() won't change backslashes.

That's what the manual says:

>> | mysql_real_escape_string() calls MySQL's library function
>> | mysql_real_escape_string, which prepends backslashes to the following
>> | characters: \x00, \n, \r, \, ', " and \x1a.

So the function escapes a backslash.

> You're correct on the specific case of "\n" and I am incorrect. However,
> please read more closely. It does NOT handle every other instance of a
> backslash - it doesn't, for instance, handle \t or \b, both of which are
> valid control characters. In fact, it only handles 5 specific cases.

Sorry, here you confuse the *string* "\t" with the *Tab*-Character,
which can be expressed in PHP by writing:

$data = "A\tB";

This string internally contains no backslash. It contains three
characters. You wrote:

| mysql_real_escape_string() won't change backslashes. It has no way
| to know if, for instance, "\n" is a newline character or a backslash
| and an n.

And I wrote that it does. And it's irrelevant that
mysql_real_escape_string() does not escape a tab-character, because
there's no need to. But it must escape a backslash-character, because
mysql itself treats a backslash also as an escaping character:

INSERT INTO foo (bar) VALUES ('A\tB');
INSERT INTO foo (bar) VALUES ('A	B');

are equivalent.

But if you want to insert a string "\t", the backslash must be escaped:

INSERT INTO foo (bar) VALUES ('A\\tB');

Here's a script:

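<?php
// Uses the old ext/mysql API (mysql_* functions), as discussed in this thread.
$string1 = "A	B";   // a literal tab character typed between A and B
$string2 = "A\tB";  // double quotes: PHP turns \t into a tab (3 characters)
$string3 = 'A\tB';  // single quotes: backslash and t are kept (4 characters)

// The strings as PHP holds them
var_dump($string1);
var_dump($string2);
var_dump($string3);

$conn = mysql_connect('localhost', 'root', 'xxx');

// Escape each value for use inside a quoted SQL string literal
$escapedString1 = mysql_real_escape_string($string1, $conn);
$escapedString2 = mysql_real_escape_string($string2, $conn);
$escapedString3 = mysql_real_escape_string($string3, $conn);

// Only $escapedString3 differs from its input: its backslash is doubled
var_dump($escapedString1);
var_dump($escapedString2);
var_dump($escapedString3);

mysql_select_db('test');

$query = "INSERT INTO CharTest (CharColumn) VALUES ('%s')";

mysql_query(sprintf($query, $escapedString1));
mysql_query(sprintf($query, $escapedString2));
mysql_query(sprintf($query, $escapedString3));

// Read the rows back: the stored values equal the original strings
$result = mysql_query('SELECT CharColumn FROM CharTest');
while ($row = mysql_fetch_assoc($result)) {
    var_dump($row['CharColumn']);
}

mysql_free_result($result);
mysql_close($conn);
?>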
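
The round trip that the script above exercises, modelled in pure PHP with no database, as an added example that is not part of the original post: one function applies the escaping the manual describes, another reads a quoted MySQL string literal the way the server does, so the dropped backslash from the original question can be reproduced. The function names and sample byte strings are constructed here; the model assumes the default sql_mode (backslash escapes enabled) and a single-byte or UTF-8 connection character set.

```php
<?php
// Model of mysql_real_escape_string(): the seven bytes listed in the manual
// (\x00, \n, \r, \, ', " and \x1a) are replaced by backslash sequences.
function model_escape(string $raw): string
{
    return strtr($raw, [
        "\x00" => '\\0',
        "\n"   => '\\n',
        "\r"   => '\\r',
        "\\"   => '\\\\',
        "'"    => "\\'",
        '"'    => '\\"',
        "\x1a" => '\\Z',
    ]);
}

// Model of how MySQL reads the body of a single-quoted string literal.
function model_mysql_literal(string $body): string
{
    $known = ['0' => "\x00", 'b' => "\x08", 'n' => "\n", 'r' => "\r",
              't' => "\t", 'Z' => "\x1a", '\\' => '\\', "'" => "'", '"' => '"'];
    $out = '';
    $len = strlen($body);
    for ($i = 0; $i < $len; $i++) {
        $c = $body[$i];
        if ($c === "'") {
            // '' is a quoted quote; a lone ' ends the literal too early
            if ($i + 1 < $len && $body[$i + 1] === "'") {
                $out .= "'";
                $i++;
                continue;
            }
            throw new RuntimeException("unescaped quote at byte $i ends the literal");
        }
        if ($c !== '\\') {
            $out .= $c;
            continue;
        }
        if ($i + 1 === $len) {
            throw new RuntimeException('trailing backslash escapes the closing quote');
        }
        $next = $body[++$i];
        if (isset($known[$next])) {
            $out .= $known[$next];            // recognised escape sequence
        } elseif ($next === '%' || $next === '_') {
            $out .= '\\' . $next;             // kept as-is outside LIKE patterns
        } else {
            $out .= $next;                    // unknown escape: backslash is dropped
        }
    }
    return $out;
}

// What comes back after the value is placed between quotes in an INSERT.
function store_and_fetch(string $raw, bool $escape): string
{
    return model_mysql_literal($escape ? model_escape($raw) : $raw);
}

// Constructed sample values (not taken from the thread's database).
$samples = [
    'bytes containing a backslash' => "8T\\TB\xC6",
    'tab character'                => "A\tB",
    'backslash followed by t'      => 'A\tB',
    'NUL, quote and Ctrl-Z'        => "k\x00'\x1a",
];

foreach ($samples as $label => $raw) {
    foreach ([false, true] as $escape) {
        try {
            $got = store_and_fetch($raw, $escape);
            $res = $got === $raw ? 'intact' : 'CHANGED to ' . bin2hex($got);
        } catch (RuntimeException $e) {
            $res = 'query breaks: ' . $e->getMessage();
        }
        printf("%-30s %-8s %s -> %s\n", $label,
               $escape ? 'escaped' : 'raw', bin2hex($raw), $res);
    }
}
```

With mysqli prepared statements the value is sent separately from the SQL text, so the literal parsing modelled here does not apply to it.
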
Re: store backslash in mysql database [message #170730 is a reply to message #170729] Wed, 17 November 2010 11:28
Jerry Stuckle
On 11/17/2010 5:53 AM, Helmut Chang wrote:
> Am 14.11.2010 20:08, schrieb Jerry Stuckle:
>> On 11/13/2010 3:41 AM, Helmut Chang wrote:
>>> Am 13.11.2010 04:28, schrieb Jerry Stuckle:
>
> That's, what you wrote:
>
>>>> mysql_real_escape_string() won't change backslashes.
>
> That's, what the manual says:
>
>>> | mysql_real_escape_string() calls MySQL's library function
>>> | mysql_real_escape_string, which prepends backslashes to the following
>>> | characters: \x00, \n, \r, \, ', " and \x1a.
>
> So the function escapes a backslash.
>

A single backslash, I agreed. But not all escaped characters.

>> You're correct on the specific case of "\n" and I am incorrect. However,
>> please read more closely. It does NOT handle every other instance of a
>> backslash - it doesn't, for instance, handle \t or \b, both of which are
>> valid control characters. In fact, it only handles 5 specific cases.
>
> Sorry, here you confuse the *string* "\t" with the *Tab*-Character,
> which can be expressed in PHP by writing:
>
> $data = "A\tB";
>
> This string internally contains no backslash. It contains three
> characters. You wrote:
>
> | mysql_real_escape_string() won't change backslashes. It has no way
> | to know if, for instance, "\n" is a newline character or a backslash
> | and an n.
>
> And I wrote, that it does. And it's irrelevant, that
> mysql_real_escape_string() does not escape a tab-character, because
> there's no need to. But it must escape a backslash-character, because
> mysql itself treats a backslash also as an escaping character:
>
> INSERT INTO foo (bar) VALUES 'A\tB';
> INSERT INTO foo (bar) VALUES 'A B';
>
> are equivalent.
>
> But if you want to insert a string "\t", the backslash must be escaped:
>
> INSERT INTO foo (bar) VALUES 'A\\tB';
>
> Here's a script:
>
> <?php
> $string1 = "A B";
> $string2 = "A\tB";
> $string3 = 'A\tB';
>
> var_dump($string1);
> var_dump($string2);
> var_dump($string3);
>
> $conn = mysql_connect('localhost', 'root', 'xxx');
>
> $escapedString1 = mysql_real_escape_string($string1, $conn);
> $escapedString2 = mysql_real_escape_string($string2, $conn);
> $escapedString3 = mysql_real_escape_string($string3, $conn);
>
> var_dump($escapedString1);
> var_dump($escapedString2);
> var_dump($escapedString3);
>
> mysql_select_db('test');
>
> $query = "INSERT INTO CharTest (CharColumn) VALUES ('%s')";
>
> mysql_query(sprintf($query, $escapedString1));
> mysql_query(sprintf($query, $escapedString2));
> mysql_query(sprintf($query, $escapedString3));
>
> $result = mysql_query('SELECT CharColumn FROM CharTest');
> while ($row = mysql_fetch_assoc($result))
> var_dump($row['CharColumn']);
>
> mysql_free_result($result);
> mysql_close($conn);
> ?>
>
>

I'm not confusing anything. You're making the assumption that the
string was created in PHP. I am not - I've seen before what happens
when a string incorrectly created by an extension caused problems in PHP.

There is NO indication that the encryption routine was written in PHP or
some other language; if it was another language, there can be other
problems which mysql_real_escape_string() cannot fix - because it is
depending on the string being created correctly in PHP.

And BTW - I figured out the difference between a tab character and the
string backslash-t about 25 years ago, when I was working with C.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
Re: store backslash in mysql database [message #170733 is a reply to message #170730] Wed, 17 November 2010 11:53
Luuk
On 17-11-10 12:28, Jerry Stuckle wrote:
> There is NO indication that the encryption routine was written in PHP or
> some other language; if it was another language, there can be other
> problems which mysql_real_escape_string() cannot fix - because it is
> depending on the string being created correctly in PHP.

Can you explain to us the difference between:
1) A string (http://en.wikipedia.org/wiki/String_(computer_science))
and
2) A string created by PHP

I'm really interested in the differences between both,
because, to my knowledge, there is no difference.
And I hope my knowledge about this is correct.

--
Luuk
Re: store backslash in mysql database [message #170734 is a reply to message #170733] Wed, 17 November 2010 16:29
Jerry Stuckle
On 11/17/2010 6:53 AM, Luuk wrote:
> On 17-11-10 12:28, Jerry Stuckle wrote:
>> There is NO indication that the encryption routine was written in PHP or
>> some other language; if it was another language, there can be other
>> problems which mysql_real_escape_string() cannot fix - because it is
>> depending on the string being created correctly in PHP.
>
> Can you explain to us the difference between:
> 1) A string (http://en.wikipedia.org/wiki/String_(computer_science))
> and
> 2) A string created by PHP
>
> I'm really interested in the differences between both,
> because, to my knowledge, there is no difference.
> And I hope my knowledge about this is correct.
>

Luuk, the problem comes in when a string is created outside of PHP but
not according to the "rules". For instance, if the string contains the
character sequence "\n" and is placed in a PHP string incorrectly (as
can happen with extensions), the string may be interpreted as the two
character sequence (correct), or it may be interpreted as a newline
character - IOW, it could be interpreted as either "\n" or '\n'.

The solution here is to correct the code such that it inserts the
sequence correctly. And no, this is not theoretical - I had to
troubleshoot this very problem in an extension a while back - it wasn't
easy to find, mainly because we didn't at first suspect this was the
problem.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
Re: store backslash in mysql database [message #170742 is a reply to message #170734] Wed, 17 November 2010 16:52
Magno
On 11/17/2010 01:29 PM, Jerry Stuckle wrote:
> On 11/17/2010 6:53 AM, Luuk wrote:
>> On 17-11-10 12:28, Jerry Stuckle wrote:
>>> There is NO indication that the encryption routine was written in PHP or
>>> some other language; if it was another language, there can be other
>>> problems which mysql_real_escape_string() cannot fix - because it is
>>> depending on the string being created correctly in PHP.
>>
>> Can you explain to us the difference between:
>> 1) A string (http://en.wikipedia.org/wiki/String_(computer_science))
>> and
>> 2) A string created by PHP
>>
>> I'm really interested in the differences between both,
>> because, to my knowledge, there is no difference.
>> And I hope my knowledge about this is correct.
>>
>
> Luuk, the problem comes in when a string is created outside of PHP but
> not according to the "rules". For instance, if the string contains the
> character sequence "\n" and is placed in a PHP string incorrectly (as
> can happen with extensions), the string may be interpreted as the two
> character sequence (correct), or it may be interpreted as a newline
> character - IOW, it could be interpreted as either "\n" or '\n'.
>
> The solution here is to correct the code such that it inserts the
> sequence correctly. And no, this is not theoretical - I had to
> troubleshoot this very problem in an extension a while back - it wasn't
> easy to find, mainly because we didn't at first suspect this was the
> problem.
>

You are bringing up a problem that the OP hasn’t asked about, it is not
likely to happen in what he is doing, and no one has even mentioned it.
Please don’t confuse the OP more.
Re: store backslash in mysql database [message #170743 is a reply to message #170742] Thu, 18 November 2010 13:18
Jerry Stuckle
On 11/17/2010 11:52 AM, Magno wrote:
> On 11/17/2010 01:29 PM, Jerry Stuckle wrote:
>> On 11/17/2010 6:53 AM, Luuk wrote:
>>> On 17-11-10 12:28, Jerry Stuckle wrote:
>>>> There is NO indication that the encryption routine was written in
>>>> PHP or
>>>> some other language; if it was another language, there can be other
>>>> problems which mysql_real_escape_string() cannot fix - because it is
>>>> depending on the string being created correctly in PHP.
>>>
>>> Can you explain to us the difference between:
>>> 1) A string (http://en.wikipedia.org/wiki/String_(computer_science))
>>> and
>>> 2) A string created by PHP
>>>
>>> I'm really interested in the differences between both,
>>> because, to my knowledge, there is no difference.
>>> And I hope my knowledge about this is correct.
>>>
>>
>> Luuk, the problem comes in when a string is created outside of PHP but
>> not according to the "rules". For instance, if the string contains the
>> character sequence "\n" and is placed in a PHP string incorrectly (as
>> can happen with extensions), the string may be interpreted as the two
>> character sequence (correct), or it may be interpreted as a newline
>> character - IOW, it could be interpreted as either "\n" or '\n'.
>>
>> The solution here is to correct the code such that it inserts the
>> sequence correctly. And no, this is not theoretical - I had to
>> troubleshoot this very problem in an extension a while back - it wasn't
>> easy to find, mainly because we didn't at first suspect this was the
>> problem.
>>
>
> You are bringing up a problem that the OP hasn’t asked about, it is not
> likely to happen in what he is doing, and no one has even mentioned it.
> Please don’t confuse the OP more.

And you are being a stupid shit. The operator only indicated he found
some code. He did not indicate where it came from, what language it is
in, or anything else.

The problem I mentioned is ONE EXAMPLE of what can happen. Similar
things can happen other ways, also. But you're too stoopid to
understand what can happen when you have mixed languages.

Give it up - you're only proving your ignorance.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================