Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 SQL Server 2000 Forums
 SQL Server Development (2000)
 INSERTing string containing \0

Author  Topic 

Birdman
Starting Member

5 Posts
Posted - 2006-07-11 : 13:52:25
Hi folks.

I'll try to make a long story as short as possible while not skipping any relevant details...

I'm porting an open-source PHP application called Gallery (http://sourceforge.net/projects/gallery) so that it supports MS SQL Server as a backend. It currently supports MySQL, PostGreSQL, DB2 and Oracle. (Note that Gallery uses the ADOdb (http://sourceforge.net/projects/adodb) package for database API abstraction.) Metadata about the items created in the Gallery are stored in the database.

One of the unit test scripts in Gallery tests what happens when an object is created which contains an ASCII NULL (\0) in its associated text.

The string being INSERTed is defined in the app as:


$testString = "The NULL character should be escaped \0 !";


Successful result is either:


  • The INSERT was successful, or

  • The INSERT was successful but the string was truncated at the \0.



On all of the other databases (at least all the ones I've seen), it is successful, but on MSSQL it's failing with a rather generic syntax error:

quote:

ado_mssql error: [102: [Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near 'The NULL character should be escaped '.] in EXECUTE("INSERT INTO g2_PluginParameterMap (g_pluginType, g_pluginId, g_itemId, g_parameterName, g_parameterValue) VALUES ('module','unitTestModule',1,'test19476','The NULL character should be escaped !')")


I wrote a simple script that removes all the Gallery and ADOdb code (just uses PHP's "mssql_*()" calls directly):


$rs = mssql_query("insert into testtbl (col1) values ('$testString')");


, and it also fails, with an SQL syntax error:

quote:

Warning: mssql_query(): message: Unclosed quotation mark after the character string 'The NULL character should be escaped '. (severity 15) in C:\MyServer\testMsSqlInsertNull.php on line 24
PHP Warning: mssql_query(): message: Incorrect syntax near 'The NULL character should be escaped '. (severity 15) in C:\MyServer\testMsSqlInsertNull.php on line 24


It looks like somebody is treating the \0 as a terminator, not as data.

If I double the backslash (\\0) the inserted string actually contains the two-character string literal "\0", which is not what I want.

How can I find out where this problem is?

Note that:


  • I have very little control over the Gallery SQL or application logic. My understanding is that this should work as-is.

  • The intent of this test script is NOT to insert a string with a null... the intent is to verify that the INSERT works as-is either with- or without truncation of the string.



Thanks for any help.

Srinika
Master Smack Fu Yak Hacker

1378 Posts
Posted - 2006-07-11 : 14:19:17
May be something to do with PHP

I tried the following in Query Analyzer and the results did not truncated at \0

Create table #t (aa varchar(10))
insert into #t values('ab \0 !')
Select * from #t
drop table #t


Srinika
Go to Top of Page

SwePeso
Patron Saint of Lost Yaks

30421 Posts
Posted - 2006-07-11 : 14:52:40
select 'This I can see, ' + char(0) + 'this I can''t see'


Peter Larsson
Helsingborg, Sweden
Go to Top of Page

SwePeso
Patron Saint of Lost Yaks

30421 Posts
Posted - 2006-07-11 : 14:56:26
SQL NULL is not the same as SQL CHAR(0).

Use a replacement function in your php code to convert text CHAR(0) to text 'NULL' before executing the query.


Almost every programming language [by Microsoft] treats CHAR(0) as string terminator.



Peter Larsson
Helsingborg, Sweden
Go to Top of Page

Birdman
Starting Member

5 Posts
Posted - 2006-07-11 : 15:10:11
Hi, Srinika.

Thanks for the response. I'm not familiar with Query Analyzer. (I forgot to mention... I'm using SQL Server 2005 Express Edition, and I'm quite new to SQL Server... my background is DB2). Is Query Analyzer available in Express Edition? If so, how can I start it? (It's not in my Start button tree anywhere.)

quote:
Originally posted by Srinika

May be something to do with PHP

I tried the following in Query Analyzer and the results did not truncated at \0

Create table #t (aa varchar(10))
insert into #t values('ab \0 !')
Select * from #t
drop table #t


Srinika
Go to Top of Page

Birdman
Starting Member

5 Posts
Posted - 2006-07-11 : 15:31:43
Hi, Peso.

Thanks for the responses.

Yes, I know that \0 is not the same as SQL NULL. That's why I explicitly referred to it as an "ASCII NULL". :-)

And yes, I'm aware that by using "CHAR(0)" I get the same result that the other RDBMs get... success with truncation:

quote:

1> insert into testtbl values ('The NULL character should be escaped ' + char(0) + ' !')
2> go
insert into testtbl values ('The NULL character should be escaped ' + char(0) + ' !')


(1 rows affected)
1> select * from testtbl
2> go
select * from testtbl

col1

----------------------------------------------------------------------------------------------------
The NULL character should be escaped


(1 rows affected)


But like I said, the intent of this test is not to force an insert to accept a \0... I'm told (by people much more PHP-smart than I am) that this should work in PHP as-is. I'd tend to accept that because the appropriate quotes are in the right place as far as I can see. However, they're mostly Linux/UNIX bigots, so they may or may not be SQL Server experts.

Are you saying that SQL Server will not accept the backslash syntax "\0" without the CHAR() wrapper?

If that's the case, then fine... I'd just like to see that stated somewhere in language I understand. :-)

quote:
Originally posted by Peso

SQL NULL is not the same as SQL CHAR(0).

Use a replacement function in your php code to convert text CHAR(0) to text 'NULL' before executing the query.


Almost every programming language [by Microsoft] treats CHAR(0) as string terminator.



Peter Larsson
Helsingborg, Sweden
Go to Top of Page

SwePeso
Patron Saint of Lost Yaks

30421 Posts
Posted - 2006-07-11 : 15:41:00
quote:
Originally posted by Birdman

Are you saying that SQL Server will not accept the backslash syntax "\0" without the CHAR() wrapper?
No, I don't say that.

SQL Server accepts \0 just fine, but the ODBC SQL driver doesn't. May be that's because the driver is written in C/C++?

Somewhere after the query is sent from your application but before the query reaches SQL Server, the query string is somehow converted.


Peter Larsson
Helsingborg, Sweden
Go to Top of Page

Birdman
Starting Member

5 Posts
Posted - 2006-07-11 : 16:38:11
Then why does \0 not work using sqlcmd either?

quote:

1> -- Concatenated strings
2> insert into testtbl values ('The NULL character should be escaped ' + \0 + ' !')
3> go
insert into testtbl values ('The NULL character should be escaped ' + \0 + ' !')


Msg 235, Level 16, State 1, Server CS288290-A\SQLEXPRESS, Line 1
Cannot convert a char value to money. The char value has incorrect syntax.
1> -- Single quotes
2> insert into testtbl values ('The NULL character should be escaped \0 !')
3> go
insert into testtbl values ('The NULL character should be escaped \0 !')


(1 rows affected)
1> -- Double quotes
2> insert into testtbl values ("The NULL character should be escaped \0 !")
3> go
insert into testtbl values ("The NULL character should be escaped \0 !")


(1 rows affected)
1> select * from testtbl
2> go
select * from testtbl

col1

----------------------------------------------------------------------------------------------------
The NULL character should be escaped \0 !

The NULL character should be escaped \0 !


(2 rows affected)


Sorry if I'm missing something simple. Thanks for your help.

quote:
Originally posted by Peso

quote:
Originally posted by Birdman

Are you saying that SQL Server will not accept the backslash syntax "\0" without the CHAR() wrapper?
No, I don't say that.

SQL Server accepts \0 just fine, but the ODBC SQL driver doesn't. May be that's because the driver is written in C/C++?

Somewhere after the query is sent from your application but before the query reaches SQL Server, the query string is somehow converted.


Peter Larsson
Helsingborg, Sweden
Go to Top of Page

jen
Master Smack Fu Yak Hacker

4110 Posts
Posted - 2006-07-11 : 22:10:13
do you have a number of user messages incorporated in your apps?

if yes, why not create a table for the messages then call the column values instead of passing them from your apps as strings?

just a suggestion though

--------------------
keeping it simple...
Go to Top of Page

Birdman
Starting Member

5 Posts
Posted - 2006-07-11 : 22:38:51
Hi, Jen.

Thanks, but... what are you talking about? :-) Are you sure you're posting to the right thread?

quote:
Originally posted by jen

do you have a number of user messages incorporated in your apps?

if yes, why not create a table for the messages then call the column values instead of passing them from your apps as strings?

just a suggestion though

--------------------
keeping it simple...
Go to Top of Page
   

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources

Articles

Forums

Blogs

Contact Us

About the Site