diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c index 67ff850cadd0..b81a0677a6c2 100644 --- a/ext/sqlite3/sqlite3.c +++ b/ext/sqlite3/sqlite3.c @@ -469,7 +469,7 @@ PHP_METHOD(SQLite3, escapeString) zend_string *sql; char *ret; - if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS(), "S", &sql)) { + if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS(), "P", &sql)) { RETURN_THROWS(); } diff --git a/ext/sqlite3/tests/gh_sqlite3_escapestring_nul.phpt b/ext/sqlite3/tests/gh_sqlite3_escapestring_nul.phpt new file mode 100644 index 000000000000..49d66a1accf5 --- /dev/null +++ b/ext/sqlite3/tests/gh_sqlite3_escapestring_nul.phpt @@ -0,0 +1,35 @@ +--TEST-- +SQLite3::escapeString() rejects strings with embedded NUL bytes +--EXTENSIONS-- +sqlite3 +--FILE-- +getMessage(), "\n"; + } +} + +echo "ok: ", SQLite3::escapeString("ok"), "\n"; +echo "quote: ", SQLite3::escapeString("test''%"), "\n"; +echo "empty: ", var_export(SQLite3::escapeString(""), true), "\n"; +?> +--EXPECT-- +ValueError: SQLite3::escapeString(): Argument #1 ($string) must not contain any null bytes +ValueError: SQLite3::escapeString(): Argument #1 ($string) must not contain any null bytes +ValueError: SQLite3::escapeString(): Argument #1 ($string) must not contain any null bytes +ValueError: SQLite3::escapeString(): Argument #1 ($string) must not contain any null bytes +ok: ok +quote: test''''% +empty: ''