Fix encoding of BLOB columns

The db_prepare_binary_string() function was designed for use with db_query(), and therefore used to surround the binary string to encode with single quotes. Use of db_query_bound() with the function's return value would result in a corrupted attachment because the quotes would be treated as integral part of the binary data. MySQL does not require any special encoding (except regular string processing which is already done by db_query_bound()). For PostgreSQL, instead of calling pg_escape_bytea() directly, we now use ADOdb connection's BlobEncode() method. MSSQL encoding was left as is was (no test platform available). Based on documentation, Oracle (oci8) should not require any encoding either, but was not tested either. Fixes #12955
mantisbt · Aug 9, 2012 · 3008c7f · 3008c7f
1 parent 4f4e69b
commit 3008c7f
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/core/database_api.php b/core/database_api.php
@@ -731,10 +731,11 @@ function db_prepare_string( $p_string ) {
 }
 
 /**
- * prepare a binary string before DB insertion
- * @param string $p_string unprepared binary data
+ * Prepare a binary string before DB insertion
+ * Use of this function is required for some DB types, to properly encode
+ * BLOB fields prior to calling db_query_bound() or db_query()
+ * @param string $p_string raw binary data
  * @return string prepared database query string
- * @todo Use/Behaviour of this function should be reviewed before 1.2.0 final
  */
 function db_prepare_binary_string( $p_string ) {
 	global $g_db;
@@ -752,10 +753,10 @@ function db_prepare_binary_string( $p_string ) {
 		case 'postgres64':
 		case 'postgres7':
 		case 'pgsql':
-			return '\'' . pg_escape_bytea( $p_string ) . '\'';
+			return $g_db->BlobEncode( $p_string );
 			break;
 		default:
-			return '\'' . db_prepare_string( $p_string ) . '\'';
+			return $p_string;
 			break;
 	}
 }