CodeIgniter Forums
insert bug(CI4) - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: CodeIgniter 4 (https://forum.codeigniter.com/forumdisplay.php?fid=28)
+--- Forum: CodeIgniter 4 Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=31)
+--- Thread: insert bug(CI4) (/showthread.php?tid=66631)

insert bug(CI4) - startbbs - 11-14-2016

here I insert the follow data to mysql.
PHP Code:
$data['password']='$2y$10$ErQlCj/Mo10il.FthAm0WOjYdf3chZEGPFqaPzjqOX2aj2uYf5Ihq' 
when I check the database, the data was changed to
Code:
y\$ErQlCj/Mo10il.FthAm0WOjYdf3chZEGPFqaPzjqOX2aj2uYf5Ihq
please note "$2y$10" was changed to "y\" and the number of characters was changed too(from 60 to 56).

I guess this is might be a bug?

RE: insert bug(CI4) - kilishan - 11-14-2016

Are you on the most recent version? I discovered and fixed a similar bug a couple of weeks ago.

RE: insert bug(CI4) - startbbs - 11-14-2016

(11-14-2016, 08:49 PM)kilishan Wrote: Are you on the most recent version? I discovered and fixed a similar bug a couple of weeks ago.

Yes, I am using the latest version. it seems that the data was filtered. please check it again.

RE: insert bug(CI4) - kilishan - 11-14-2016

Ok. I have an idea what it might be as I was just fighting with that portion of the code over the last few days... I'll take another look. Thanks.

RE: insert bug(CI4) - kilishan - 11-14-2016

I was spot on with what I thought the issue was. I had a little manual filtering that used to be necessary, but started using preg_quote to prep the strings in the Query class, and the manual filtering (specifically for passwords...sigh) was getting in the way. Pull down the latest code and it should be fixed.

RE: insert bug(CI4) - startbbs - 11-15-2016

(11-14-2016, 09:35 PM)kilishan Wrote: I was spot on with what I thought the issue was. I had a little manual filtering that used to be necessary, but started using preg_quote to prep the strings in the Query class, and the manual filtering (specifically for passwords...sigh) was getting in the way. Pull down the latest code and it should be fixed.

THanks, it works well now.

RE: insert bug(CI4) - kilishan - 11-15-2016

Excellent. Glad to hear it.

RE: insert bug(CI4) - InsiteFX - 11-15-2016

Using password_hash and crypt you need to be careful that they do not include any NULL BYTES or it will truncate it.

RE: insert bug(CI4) - Narf - 11-15-2016

(11-15-2016, 06:52 AM)InsiteFX Wrote: Using password_hash and crypt you need to be careful that they do not include any NULL BYTES or it will truncate it.

Yet again, while not incorrect, your comment is irrelevant.