#31323 [Com]: session file permissions differ randomly
ID: 31323 Comment by: prikid at gmail dot com Reported By: julien dot mathieu at gmail dot com Status: No Feedback Bug Type: Session related Operating System: Linux PHP Version: 5.1.2, 4.3.9 New Comment: We are experiencing similar problem with php 5.2.6 on freebsd and red hat linux Previous Comments: [2008-08-12 16:21:03] linus dot norton at assertis dot co dot uk I have also encountered this twice on redhat running apache 2.2.6 and php 5.2.6. Why has this been closed, no feedback was requested then the ticket is just closed saying no feedback has been given. [2006-11-09 14:44:35] mg at iceni dot pl I can confirm this bug happening on php 4.4.2 build as apache 2 (with prefork) module. It's extremaly difficult to reproduce, but with little research it seems to be somehow umask related. The following is from strace running on a apache process that creates the files with wrong permissions open("/tmp/sess_5b2929b94cf141335d0b2d1e5a38fc29", O_RDWR|O_CREAT, 0600) = 186 fstat64(186, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 So php creates file with 600 permissions but it has only 400 in final. Note that's happening very rarely, normally file is created with 600. I didn't have luck tracing how and when umask is changing during request processing (probably something is changing it prior to the request, so possibly it's not even php related), but I tried to make the following very dirty workaround in ext/session/mod_files.c: @@ -138,6 +138,7 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC) { char buf[MAXPATHLEN]; + mode_t orig_mask; if (data->fd < 0 || !data->lastkey || strcmp(key, data->lastkey)) { if (data->lastkey) { @@ -156,8 +157,10 @@ data->lastkey = estrdup(key); + orig_mask = umask(0); data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY, 0600); - + umask(orig_mask); + No matter how ugly it is - it seems to do the job and session files with wrong permissions are no longer created (this workaround is probably bad idea on threaded severs though). [2006-11-05 00:16:32] bclaydon at volved dot com To provide further details, I am also using Debian (Sarge) with the latest 4.3.10-16 PHP4 package. My /var/liv/php4 looks exactly as 'pieter at q-go dot com' mentioned: drwx-wx-wt 2 root root 4.0K 2006-11-04 18:58 ./ drwxr-xr-x 35 root root 4.0K 2006-09-08 19:11 ../ -rw--- 1 www-data www-data 77 2006-11-04 18:58 sess_7b8da94a2febce75775d9082cd20d58d -rw--- 1 www-data www-data 116 2006-11-04 19:05 sess_856401c969cc1d4e68b6ffd75457c743 -rw--- 1 www-data www-data 116 2006-11-04 18:58 sess_b5419618a3586b7e3b940a0eaf137fb9 -rw--- 1 www-data www-data 116 2006-11-04 19:09 sess_f7d957b726ff923b4b1f6178f8db489f I am seeing this issue fairly frequently during usage of CakePHP framework which has fairly detailed usage of session functions. I hope this is resolved at some point, especially if it is still open as of 5.2.0 [2006-05-22 09:20:29] pieter at q-go dot com We have similar problems on Debian with PHP 5.1.2 and 5.1.4. Sessions are all created with correct permissions, but we get the same permission denied error in 5% of the cases. drwx-wx-wt 2 root root 4096 May 22 11:03 . drwxr-xr-x 27 root root 4096 May 18 13:44 .. -rw--- 1 www-data www-data0 May 22 11:03 sess_11f06ca5b4701f4be8be30b275e4e51e -rw--- 1 www-data www-data 1569 May 22 11:00 sess_1856e3c4630f074a1b0490c4792c3e53 -rw--- 1 www-data www-data0 May 22 10:21 sess_d110fb48e440d1ec4ac610243e897c69 -rw--- 1 www-data www-data 1717 May 22 11:05 sess_f9668179e8a92714f4d9553504bdcd93 Changing the default Debian permissions on /var/lib/php5 from drwx-wx-wt to drwxrwxrwt seems to help. I am putting this here because if the two cases are related, the problem might be more general. [2006-03-28 13:15:10] m...@php.net No feedback was provided. The bug is being suspended because we assume that you are no longer experiencing the problem. If this is not the case and you are able to provide the information that was requested earlier, please do so and change the status of the bug back to "Open". Thank you. The remainder of the comments for this report are too long.
#19022 [Com]: PHP Warning: Failed to write session data (files)
ID: 19022 Comment by: prikid at gmail dot com Reported By: phpbugs at mx4k dot com Status: No Feedback Bug Type: Session related Operating System: linux (rh7.3), apache 1.3.26 PHP Version: 4.2.2 New Comment: We are currently getting the same error on 2 different enviroments. This does not happen all the time, but often enough to be an annoyance during testing. Environment as follows: 1. FreeBSD 6.2-RELEASE [r...@crossbow /]# cat /usr/local/etc/php.ini | grep "session" session.save_handler = files session.save_path = "/var/tmp" session.use_cookies = 1 [r...@crossbow /]# php -v PHP 5.2.9 with Suhosin-Patch 0.9.7 (cli) (built: Mar 31 2009 12:24:17) Copyright (c) 1997-2009 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies [r...@crossbow /var/www/branches]# apachectl -v Server version: Apache/2.0.63 Server built: Apr 16 2008 16:52:47 --- 2. Red Hat Enterprise Linux ES 4 [r...@131080-stagingdb /]# cat /etc/php.ini |grep "session" session.save_handler = files session.save_path = "/var/lib/php/session" session.use_cookies = 1 [r...@131080-stagingdb /]# php -v PHP 5.2.9 (cli) (built: Feb 27 2009 14:38:59) Copyright (c) 1997-2009 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies [r...@131080-stagingdb logs]# apachectl -v Server version: Apache/2.0.52 Server built: Jun 29 2007 05:07:13 Previous Comments: [2008-02-28 17:50:49] ras...@php.net session.save_path = "0;\tmp" ?? What is 0;\tmp supposed to mean? [2008-02-28 12:04:47] m1ckx at hotmail dot com I too am getting similar messages - essentially where the session file is failing to create. Unfortunately I am getting it all the time, which is a problem as I am trying to teach myself PHP at home. What is different for me is that I am running a Windows 2K server, using IIS, and PHP 5.2.2. The initial error I get at the first session_start() call is: The description for Event ID ( 2 ) in Source ( PHP-5.2.2 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: php[352], PHP Warning: session_start() [function.session-start]: open(\tmp\sess_8t6afg6omu4au9ofqnru80l6r5, O_RDWR) failed: No such file or directory (2) in F:\MixWeb\mdroot\php_sandpit\ch10\login.php on line 60. The extract of my php.ini is: [Session] session.save_handler = files session.save_path = "0;\tmp" session.use_cookies = 1 session.name = PHPSESSID session.auto_start = 0 session.cookie_lifetime = 0 session.cookie_path = / Having been trying to search down answers for this but so far no luck. [2008-01-19 22:07:24] ozdemir_e at yahoo dot com I have been getting the same error... in php.ini file i have set the session.save_path to public_html/cgi-bin/session And the chmod of the session folder is 777 Everything looks fine technically but even if that... i get this error. I really need help to figure out this issue and fix it. And the hosting company that i work with they insist on saying that it is not a server error. But I do not understand that even if the chomod of the session.save_path pointing to the correct folder and chmod 777, I am getting this error. PHP Warning: session_start() [function.session-staPHP Warning: session_start() [function.session-start]: open(/home/users/web/b469/as.x/sess_164a72ebe9813cc1b0341ad6f6edbc8a, O_RDWR) failed: Read-only file system (30) in /hermes/web03/b469/as./public_html/admin/index.php on line 31 PHP Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/home/users/web/b469/as.yuvamemlak/public_html/cgi-bin/session) in Unknown on line 0 thank you in advance [2007-12-28 23:45:50] allan at emeraldforest dot com I have been experiencing the same (or very similar) problem. One interesting thing that I found is that sometimes I can reload page A and see the session data happily sitting there, but on page B the data is not there. I have both pages open in tabs in Firefox and I can go back and forth reloading the pages. Page A always has the data, page B never does. Both pages require the same init.php script to start the session. [2007-01-03 21:49:22] stranger at teuton dot org I just started encountering this problem today, after having upgraded to PHP5 from a PHP4 app. As with some of the other reports I have some users reporting constant problems, while others have no pr
#44633 [NEW]: Write/read errors on vhosts
From: prikid at gmail dot com Operating system: FreeBSD 6.2-RELEASE PHP version: 5.2.5 PHP Bug Type: Apache2 related Bug description: Write/read errors on vhosts Description: Note: This bug maybe related to bug#42826 I have setup virtual hosts within apache 2.0.62 configuration with identical settings (except for paths to directories) 3 out of 5 users have no problems, but for 2 others, temporary cache files (using smarty templating system) produce errors as well as session files in /var/tmp. All directories have correct user/group settings for apache and chmodded 775 recursively. Again, file permissions and user settings are absolutely correct and work for 3 out 2 users. Suhosin patch and Zend Optimizer are disabled. Reproduce code: --- Main apache config: User www Group www Vhost config in apache: ServerName site.user1.crossbow DocumentRoot /var/www/branches/site/user1/ php_value include_path ".:/var/www/branches/toolbox/user1:/var/www/branches/site/user1" AllowOverride All Options All Expected result: Able to write/read cached files in "/var/www/branches/toolbox/user1/smarty/cache/" and "/var/www/branches/toolbox/user1/smarty/templates_c" and "/var/tmp/" Actual result: -- Warning: Smarty error: problem creating directory '/var/www/branches/toolbox/user1/smarty/cache/%%00/00F' in /usr/local/www/branches/toolbox/user1/smarty/Smarty.class.php on line 1101 Warning: Unknown: open(/var/tmp//sess_bb88e3d0e6a8358dc818d6fc7a2f8625, O_RDWR) failed: Permission denied (13) in Unknown on line 0 Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct () in Unknown on line 0 # cd /var/tmp # ls -la total 10 drwxrwxrwx 3 root wheel 3072 Apr 3 14:46 . drwxr-xr-x 24 root wheel 512 Jan 31 17:12 .. -- 1 www wheel 0 Apr 3 14:42 sess_462dae3f012480a23443be1051eb7b4e sess_bb88e3d0e6a8358dc818d6fc7a2f8625 -- 1 www wheel 0 Apr 3 14:25 wrt0AId76 -- 1 www wheel 0 Apr 3 14:25 wrt0ynxfS -- 1 www wheel 0 Apr 3 14:44 wrt1N4NTk ... # cd /var/www/branches/toolbox/user1/smarty/templates_c/ # ls -la total 32 d--x--x--x 2 www www 512 Apr 3 14:44 %%47 d--x--x--x 2 www www 512 Apr 3 14:44 %%5B -- Edit bug report at http://bugs.php.net/?id=44633&edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=44633&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=44633&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=44633&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=44633&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=44633&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=44633&r=needtrace Need Reproduce Script:http://bugs.php.net/fix.php?id=44633&r=needscript Try newer version:http://bugs.php.net/fix.php?id=44633&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=44633&r=support Expected behavior:http://bugs.php.net/fix.php?id=44633&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=44633&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=44633&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=44633&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=44633&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=44633&r=dst IIS Stability:http://bugs.php.net/fix.php?id=44633&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=44633&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=44633&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=44633&r=nozend MySQL Configuration Error:http://bugs.php.net/fix.php?id=44633&r=mysqlcfg
#44633 [Fbk->Opn]: Write/read errors on vhosts
ID: 44633 User updated by: prikid at gmail dot com Reported By: prikid at gmail dot com -Status: Feedback +Status: Open Bug Type: Apache2 related Operating System: FreeBSD 6.2-RELEASE PHP Version: 5.2.5 Assigned To: fb-req-jani New Comment: Upgrading did not help. I run 'make test' and submitted the failed list from the prompt. Also, a copy of phpinfo() from the box is available here: http://www.undeveloped.net/testip.php.htm Previous Comments: [2008-04-03 21:02:43] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5.2-latest.tar.gz For Windows (zip): http://snaps.php.net/win32/php5.2-win32-latest.zip For Windows (installer): http://snaps.php.net/win32/php5.2-win32-installer-latest.msi And DO NOT apply any 3rd party patches to the sources. And make absolutely sure your php.ini is free of any Zend extensions (Zend optimizer, any caches, etc.) [2008-04-03 19:11:52] prikid at gmail dot com Description: Note: This bug maybe related to bug#42826 I have setup virtual hosts within apache 2.0.62 configuration with identical settings (except for paths to directories) 3 out of 5 users have no problems, but for 2 others, temporary cache files (using smarty templating system) produce errors as well as session files in /var/tmp. All directories have correct user/group settings for apache and chmodded 775 recursively. Again, file permissions and user settings are absolutely correct and work for 3 out 2 users. Suhosin patch and Zend Optimizer are disabled. Reproduce code: --- Main apache config: User www Group www Vhost config in apache: ServerName site.user1.crossbow DocumentRoot /var/www/branches/site/user1/ php_value include_path ".:/var/www/branches/toolbox/user1:/var/www/branches/site/user1" AllowOverride All Options All Expected result: Able to write/read cached files in "/var/www/branches/toolbox/user1/smarty/cache/" and "/var/www/branches/toolbox/user1/smarty/templates_c" and "/var/tmp/" Actual result: -- Warning: Smarty error: problem creating directory '/var/www/branches/toolbox/user1/smarty/cache/%%00/00F' in /usr/local/www/branches/toolbox/user1/smarty/Smarty.class.php on line 1101 Warning: Unknown: open(/var/tmp//sess_bb88e3d0e6a8358dc818d6fc7a2f8625, O_RDWR) failed: Permission denied (13) in Unknown on line 0 Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct () in Unknown on line 0 # cd /var/tmp # ls -la total 10 drwxrwxrwx 3 root wheel 3072 Apr 3 14:46 . drwxr-xr-x 24 root wheel 512 Jan 31 17:12 .. -- 1 www wheel 0 Apr 3 14:42 sess_462dae3f012480a23443be1051eb7b4e sess_bb88e3d0e6a8358dc818d6fc7a2f8625 -- 1 www wheel 0 Apr 3 14:25 wrt0AId76 -- 1 www wheel 0 Apr 3 14:25 wrt0ynxfS -- 1 www wheel 0 Apr 3 14:44 wrt1N4NTk ... # cd /var/www/branches/toolbox/user1/smarty/templates_c/ # ls -la total 32 d--x--x--x 2 www www 512 Apr 3 14:44 %%47 d--x--x--x 2 www www 512 Apr 3 14:44 %%5B -- Edit this bug report at http://bugs.php.net/?id=44633&edit=1
#44633 [Fbk->Opn]: Write/read errors on vhosts
ID: 44633 User updated by: prikid at gmail dot com Reported By: prikid at gmail dot com -Status: Feedback +Status: Open Bug Type: Apache2 related Operating System: FreeBSD 6.2-RELEASE PHP Version: 5.2.5 Assigned To: fb-req-jani New Comment: Default session.save_path() works for 2 developers, but bugs out for other 3 (with identical settings set for everyone, and I'm sure I didn't specify session.save_path() anywhere in the scripts). With these settings in smarty: var $_dir_perms = 0771; if ($_make_new_dir && !file_exists($_new_dir) && [EMAIL PROTECTED]($_new_dir, $smarty->_dir_perms) && !is_dir($_new_dir)) { ... Php bugs out when creating a directory for unlucky developers. It sets only executable bit, but no read/write bits (umask for apache user is set to 022 and I've tried setting umask(0664); in the php as well) P.S. Yeah, I'll go over the config file and clean it up from obsolete packages ;-) Previous Comments: [2008-04-04 00:36:57] [EMAIL PROTECTED] Why don't you set the session.save_path in your php.ini? btw. You have dozens of configure options in your configure line that don't even exist anymore. Pay attention to the list after running configure.. :) -------------------- [2008-04-03 22:19:31] prikid at gmail dot com Upgrading did not help. I run 'make test' and submitted the failed list from the prompt. Also, a copy of phpinfo() from the box is available here: http://www.undeveloped.net/testip.php.htm [2008-04-03 21:02:43] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5.2-latest.tar.gz For Windows (zip): http://snaps.php.net/win32/php5.2-win32-latest.zip For Windows (installer): http://snaps.php.net/win32/php5.2-win32-installer-latest.msi And DO NOT apply any 3rd party patches to the sources. And make absolutely sure your php.ini is free of any Zend extensions (Zend optimizer, any caches, etc.) ---------------- [2008-04-03 19:11:52] prikid at gmail dot com Description: Note: This bug maybe related to bug#42826 I have setup virtual hosts within apache 2.0.62 configuration with identical settings (except for paths to directories) 3 out of 5 users have no problems, but for 2 others, temporary cache files (using smarty templating system) produce errors as well as session files in /var/tmp. All directories have correct user/group settings for apache and chmodded 775 recursively. Again, file permissions and user settings are absolutely correct and work for 3 out 2 users. Suhosin patch and Zend Optimizer are disabled. Reproduce code: --- Main apache config: User www Group www Vhost config in apache: ServerName site.user1.crossbow DocumentRoot /var/www/branches/site/user1/ php_value include_path ".:/var/www/branches/toolbox/user1:/var/www/branches/site/user1" AllowOverride All Options All Expected result: Able to write/read cached files in "/var/www/branches/toolbox/user1/smarty/cache/" and "/var/www/branches/toolbox/user1/smarty/templates_c" and "/var/tmp/" Actual result: -- Warning: Smarty error: problem creating directory '/var/www/branches/toolbox/user1/smarty/cache/%%00/00F' in /usr/local/www/branches/toolbox/user1/smarty/Smarty.class.php on line 1101 Warning: Unknown: open(/var/tmp//sess_bb88e3d0e6a8358dc818d6fc7a2f8625, O_RDWR) failed: Permission denied (13) in Unknown on line 0 Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct () in Unknown on line 0 # cd /var/tmp # ls -la total 10 drwxrwxrwx 3 root wheel 3072 Apr 3 14:46 . drwxr-xr-x 24 root wheel 512 Jan 31 17:12 .. -- 1 www wheel 0 Apr 3 14:42 sess_462dae3f012480a23443be1051eb7b4e sess_bb88e3d0e6a8358dc818d6fc7a2f8625 -- 1 www wheel 0 Apr 3 14:25 wrt0AId76 -- 1 www wheel 0 Apr 3 14:25 wrt0ynxfS -- 1 www wheel 0 Apr 3 14:44 wrt1N4NTk ... # cd /var/www/branches/toolbox/user1/smarty/templates_c/ # ls -la total 32 d--x--x--x 2 www www 512 Apr 3 14:44 %%47 d--x--x--x 2 www www 512 Apr 3 14:44 %%5B -- Edit this bug report at http://bugs.php.net/?id=44633&edit=1
#44633 [Fbk->Opn]: Write/read errors on vhosts
ID: 44633 User updated by: prikid at gmail dot com Reported By: prikid at gmail dot com -Status: Feedback +Status: Open Bug Type: Apache2 related Operating System: FreeBSD 6.2-RELEASE PHP Version: 5.2.5 Assigned To: fb-req-jani New Comment: I've checked smarty and our scripts for umask(), checked shell settings and apache settings for umask(), but none of those exist anywhere in scripts/shell profiles. This is not only Smarty specific, but also sessions are affected (they aren't created through smarty, but instantiated through our scripts). Php creates an empty session file in '/var/tmp' with no permissions. I've changed '/var/tmp' ownership to apache user, but php still bugs out on it Previous Comments: [2008-04-04 18:06:04] [EMAIL PROTECTED] I'm starting to think this is no bug at all, just a bug in either Smarty or in how you use it. It propably does something stupid like uses umask() function. -------- [2008-04-04 13:38:04] prikid at gmail dot com Default session.save_path() works for 2 developers, but bugs out for other 3 (with identical settings set for everyone, and I'm sure I didn't specify session.save_path() anywhere in the scripts). With these settings in smarty: var $_dir_perms = 0771; if ($_make_new_dir && !file_exists($_new_dir) && [EMAIL PROTECTED]($_new_dir, $smarty->_dir_perms) && !is_dir($_new_dir)) { ... Php bugs out when creating a directory for unlucky developers. It sets only executable bit, but no read/write bits (umask for apache user is set to 022 and I've tried setting umask(0664); in the php as well) P.S. Yeah, I'll go over the config file and clean it up from obsolete packages ;-) [2008-04-04 00:36:57] [EMAIL PROTECTED] Why don't you set the session.save_path in your php.ini? btw. You have dozens of configure options in your configure line that don't even exist anymore. Pay attention to the list after running configure.. :) ---------------- [2008-04-03 22:19:31] prikid at gmail dot com Upgrading did not help. I run 'make test' and submitted the failed list from the prompt. Also, a copy of phpinfo() from the box is available here: http://www.undeveloped.net/testip.php.htm [2008-04-03 21:02:43] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5.2-latest.tar.gz For Windows (zip): http://snaps.php.net/win32/php5.2-win32-latest.zip For Windows (installer): http://snaps.php.net/win32/php5.2-win32-installer-latest.msi And DO NOT apply any 3rd party patches to the sources. And make absolutely sure your php.ini is free of any Zend extensions (Zend optimizer, any caches, etc.) The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/44633 -- Edit this bug report at http://bugs.php.net/?id=44633&edit=1
#42569 [NEW]: json_encode does not escape single quotes
From: prikid at gmail dot com Operating system: FreeBSD 6 PHP version: 5.2.4 PHP Bug Type: JSON related Bug description: json_encode does not escape single quotes Description: When using json_encode() and trying to insert into mysql table field with single quotes - single quote is not escaped and mysql produces error. Reproduce code: --- $name = "Mike O'Brien"; $email = "[EMAIL PROTECTED]"; $settings = array("name"=> $name,"email" => $email); $json = json_encode($settings); $sql = "INSERT INTO `users` VALUES('".$json."')"; $result = mysql_query($sql) or die (mysql_error()); Expected result: Successfull mysql insertion with escaped single quote. Actual result: -- You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Brien -- Edit bug report at http://bugs.php.net/?id=42569&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=42569&r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=42569&r=trysnapshot52 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=42569&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=42569&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=42569&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=42569&r=needtrace Need Reproduce Script:http://bugs.php.net/fix.php?id=42569&r=needscript Try newer version:http://bugs.php.net/fix.php?id=42569&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=42569&r=support Expected behavior:http://bugs.php.net/fix.php?id=42569&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=42569&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=42569&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=42569&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=42569&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=42569&r=dst IIS Stability:http://bugs.php.net/fix.php?id=42569&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=42569&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=42569&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=42569&r=nozend MySQL Configuration Error:http://bugs.php.net/fix.php?id=42569&r=mysqlcfg
#42569 [Opn]: json_encode does not escape single quotes
ID: 42569 User updated by: prikid at gmail dot com Reported By: prikid at gmail dot com Status: Open Bug Type: JSON related Operating System: FreeBSD 6 PHP Version: 5.2.4 New Comment: $name = "Mike O'Brien"; $name = mysql_escape_string($name); $email = "[EMAIL PROTECTED]"; $settings = array("name" => $name,"email" => $email); $json = json_encode($settings); var_dump($json); --- output is: string(49) "{"name":"Mike O\\'Brien","email":"[EMAIL PROTECTED]"}" Double quoted and still generates error when trying to insert into mysql db. Previous Comments: [2007-09-05 18:41:47] bas at tobin dot nl that's correct... JSON is just a way to serialize data to a string. It's not the purpose of JSON to serialize data to be directly included in a statement for a specific database. The way MySQL escape strings is not a "universal" method as for instance MS SQL does it another way. If you wish to use JSON to store data in MySQL you should escape the JSON string with the specific MySQL function to escape strings, see the mysql_escape_string() and mysql_real_escape_string() functions [2007-09-05 18:22:12] prikid at gmail dot com Description: When using json_encode() and trying to insert into mysql table field with single quotes - single quote is not escaped and mysql produces error. Reproduce code: --- $name = "Mike O'Brien"; $email = "[EMAIL PROTECTED]"; $settings = array("name"=> $name,"email" => $email); $json = json_encode($settings); $sql = "INSERT INTO `users` VALUES('".$json."')"; $result = mysql_query($sql) or die (mysql_error()); Expected result: Successfull mysql insertion with escaped single quote. Actual result: -- You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Brien -- Edit this bug report at http://bugs.php.net/?id=42569&edit=1