Merge pull request #550 from v-kaywon/fixPODQuoteNul

Fix PDO::quote with string containing ASCII NUL character

source/pdo_sqlsrv/pdo_dbh.cpp

@@ -1463,7 +1463,7 @@ int pdo_sqlsrv_dbh_quote( _Inout_ pdo_dbh_t* dbh, _In_reads_(unquoted_len) const
         if ( encoding == SQLSRV_ENCODING_UTF8 ) {
             quotes_needed = 3;
         }
-        for ( size_t index = 0; index < unquoted_len && unquoted[ index ] != '\0'; ++index ) {
+        for ( size_t index = 0; index < unquoted_len; ++index ) {
             if ( unquoted[ index ] == '\'' ) {
                 ++quotes_needed;
             }
@@ -1480,7 +1480,7 @@ int pdo_sqlsrv_dbh_quote( _Inout_ pdo_dbh_t* dbh, _In_reads_(unquoted_len) const
         // insert initial quote
         ( *quoted )[ out_current++ ] = '\'';
 
-        for ( size_t index = 0; index < unquoted_len && unquoted[ index ] != '\0'; ++index ) {
+        for ( size_t index = 0; index < unquoted_len; ++index ) {
             if ( unquoted[ index ] == '\'' ) {
                 ( *quoted )[ out_current++ ] = '\'';
                 ( *quoted )[ out_current++ ] = '\'';

test/functional/pdo_sqlsrv/pdo_538_quote_nul.phpt

@@ -0,0 +1,28 @@
+--TEST--
+Test the PDO::quote() method with a string containing '\0' character
+--SKIPIF--
+<?php require('skipif.inc'); ?>
+--FILE--
+<?php
+  
+require_once 'MsCommon.inc';
+
+try 
+{      
+    $connection = connect(); 
+
+    $str = "XX\0XX";
+    
+    print("Original: " . str_replace("\0", "{NUL}", $str) . "\n");
+    $str = $connection->quote($str);
+    print("Quoted:   " . str_replace("\0", "{NUL}", $str) . "\n");
+}
+
+catch( PDOException $e ) {
+    die("Connection error: " . $e->getMessage());
+}
+?> 
+
+--EXPECT--
+Original: XX{NUL}XX
+Quoted:   'XX{NUL}XX'