Why does the quote() method null-terminate strings?
-
Friday, July 30, 2010 9:26 PM
My environment:
Windows XP SP2; Apache 2.2.11; PHP 5.2.9-1; SQL Server 2005 Developer Edition; SQL Server 2008 Native drivers
I'm using the Yii framework v1.1.3, which wraps PDO functions.
Case 1) Using the 'mssql' driver, the quote() method returns a normally-quoted string.
$var = 'ABC';
$quotedVar = $pdo->quote($var); // returns 'ABC'
Case 2) Using the 'sqlsrv' driver, the quote() method returns a quoted, NULL-TERMINATED string. WHY?
$var = 'ABC';
$quotedVar = $pdo->quote($var); // returns 'ABC'\0000
The problem arises when I form a "criteria" object in Yii (CDbCriteria), which is basically the 'where' clause to be executed. If the quote() method returns the null-terminated string, it is impossible to append anything further. The old mssql driver does not return a null-terminated string, hence anything can be concatenated to the result.
I like the CTP 2.0 driver very much, mainly for two improvements:
a) implementation of connection-pooling
b) mssql driver returns empty string as blank space, which is a serious bug.
BUT - the quote() method is proving something of a problem. I've worked around it in one situation by reversing the order of concatenation, since the two clauses are AND'ed together. But in the long run it may prove a bigger problem. Advice welcome.
- Jeremy
All Replies
-
Tuesday, August 03, 2010 8:00 PM
Moderator
Thanks for reporting this, Jeremy. We are looking at this issue internally.
Ashay Chaudhary
SQL Server Driver for PHP (http://blogs.msdn.com/sqlphp)
All information provided "as-is" and without warranty.
-
Tuesday, August 03, 2010 8:45 PM
Thanks for reporting this. I have confirmed that this is an issue in our PDO_SQLSRV driver. We are looking forward to fixing this in the next release of our driver.
- Marked As Answer by Ashay Chaudhary [MSFT] (Moderator), Wednesday, August 04, 2010 4:15 PM
-
Wednesday, April 27, 2011 10:15 PM
When do you anticipate having this resolved? I'd really like to not have to use magic_quotes in order to properly escape single quotes in my pre-sql data.
-
Thursday, April 28, 2011 6:12 PM
Bruce,
It appears that this issue was resolved in version 2.0.1. Have you tried the latest version? If yes, are you still seeing issues?
Thanks,
Jonathan
This posting is provided "AS IS" with no warranties, and confers no rights.
-
Thursday, May 05, 2011 1:02 PM
If it is not resolved, you can always call rtrim($quotedVar, "\0"); in PHP.
Edit: It is resolved, PDO::quote() works.
Rob
-
Tuesday, May 10, 2011 9:14 AM
If it is not resolved, you can always call rtrim($quotedVar,"\0"); in php.
Edit: It is resolved, PDO::quote() works.
Rob
As far as I'm concerned this is still an issue and PDO::quote() won't work:
"Fatal error: Non-static method PDO::quote() cannot be called statically".
-
Tuesday, May 10, 2011 9:36 AM
My apologies, it is resolved in version 2.0.1!
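
The following is an added example, not code from any poster in this thread or from the driver project. It reproduces the trailing-NUL symptom described in the original question, applies the rtrim() workaround suggested in the replies, and shows a bound parameter as the alternative that avoids quote() and string concatenation altogether. Assumptions: the helper names buggyQuote() and cleanQuote() are hypothetical, the NUL is appended artificially to simulate the affected driver build, and an in-memory SQLite database (pdo_sqlite) stands in for SQL Server so the script runs offline.

```php
<?php
// Added illustration. buggyQuote() and cleanQuote() are hypothetical helpers;
// SQLite stands in for SQL Server so the script runs offline.

// Constructed stand-in for the affected driver build: appends the stray
// "\0" that the thread reports on quote() output.
function buggyQuote(PDO $pdo, string $value): string
{
    return $pdo->quote($value) . "\0";
}

// Workaround from the thread: strip trailing NUL bytes before concatenating.
function cleanQuote(PDO $pdo, string $value): string
{
    return rtrim(buggyQuote($pdo, $value), "\0");
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (name TEXT, active INTEGER)");
$pdo->exec("INSERT INTO users VALUES ('O''Brien', 1)");
$pdo->exec("INSERT INTO users VALUES ('ABC', 0)");

$name = "O'Brien"; // constructed sample input containing a single quote

// 1) Appending after the NUL-terminated value leaves "\0" mid-statement.
$broken = "SELECT COUNT(*) FROM users WHERE name = "
        . buggyQuote($pdo, $name) . " AND active = 1";
echo "NUL inside SQL text: ", (strpos($broken, "\0") !== false ? "yes" : "no"), "\n";

// 2) After rtrim() the second clause can be appended normally.
$sql = "SELECT COUNT(*) FROM users WHERE name = "
     . cleanQuote($pdo, $name) . " AND active = 1";
echo "rows via quote()+rtrim(): ", $pdo->query($sql)->fetchColumn(), "\n";

// 3) Bound parameter: the value never passes through quote() and is never
//    concatenated into the SQL text.
$stmt = $pdo->prepare("SELECT COUNT(*) FROM users WHERE name = :name AND active = 1");
$stmt->execute([':name' => $name]);
echo "rows via prepare()/execute(): ", $stmt->fetchColumn(), "\n";
```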

