MySQL: Query with UUID (bytestring) as primary key not working










0














I have a table in a MySQL database, that uses UUID v1 as the primary key.
The UUIDs are stored optimized, as a 16-byte string, as described in https://www.percona.com/blog/2014/12/19/store-uuid-optimized-way/ .
The MYSQL data type for the column is binary(16). All UUIDs are generated the same way, using a PHP library. MySQL is v5.0.12.



I retrieve rows from the table like this:



$where = sprintf("'%s'", $bytestring_uuid);

$wpdb->get_results(
"
SELECT *
FROM $my_table
WHERE id = $where
"
);


Now this usually works, but oddly, with some UUIDs the query fails and i can't figure out why.



Here are some UUIDs the query works with (in the original format, so you can read them) :



c80615fc-e441-11e8-b328-002522a6b241

d4c94f0c-e441-11e8-9316-002522a6b241

df11cade-e441-11e8-b3a5-002522a6b241


This one fails:



27c049c4-e67f-11e8-9e6f-002522a6b241


Error log:




WordPress database error You have an error in your SQL syntax; check
the manual that corresponds to your MariaDB server version for the
right syntax to use near '?IÄžo' at line 3 for query
SELECT *
FROM my_table
WHERE id = 'èäAÈü³(




Any ideas what's happening?










share|improve this question



















  • 1




    Your code also looks prone to SQL injections at first seight..
    – Raymond Nijland
    Nov 12 '18 at 19:54















0














I have a table in a MySQL database, that uses UUID v1 as the primary key.
The UUIDs are stored optimized, as a 16-byte string, as described in https://www.percona.com/blog/2014/12/19/store-uuid-optimized-way/ .
The MYSQL data type for the column is binary(16). All UUIDs are generated the same way, using a PHP library. MySQL is v5.0.12.



I retrieve rows from the table like this:



$where = sprintf("'%s'", $bytestring_uuid);

$wpdb->get_results(
"
SELECT *
FROM $my_table
WHERE id = $where
"
);


Now this usually works, but oddly, with some UUIDs the query fails and i can't figure out why.



Here are some UUIDs the query works with (in the original format, so you can read them) :



c80615fc-e441-11e8-b328-002522a6b241

d4c94f0c-e441-11e8-9316-002522a6b241

df11cade-e441-11e8-b3a5-002522a6b241


This one fails:



27c049c4-e67f-11e8-9e6f-002522a6b241


Error log:




WordPress database error You have an error in your SQL syntax; check
the manual that corresponds to your MariaDB server version for the
right syntax to use near '?IÄžo' at line 3 for query
SELECT *
FROM my_table
WHERE id = 'èäAÈü³(




Any ideas what's happening?










share|improve this question



















  • 1




    Your code also looks prone to SQL injections at first seight..
    – Raymond Nijland
    Nov 12 '18 at 19:54













0












0








0







I have a table in a MySQL database, that uses UUID v1 as the primary key.
The UUIDs are stored optimized, as a 16-byte string, as described in https://www.percona.com/blog/2014/12/19/store-uuid-optimized-way/ .
The MYSQL data type for the column is binary(16). All UUIDs are generated the same way, using a PHP library. MySQL is v5.0.12.



I retrieve rows from the table like this:



$where = sprintf("'%s'", $bytestring_uuid);

$wpdb->get_results(
"
SELECT *
FROM $my_table
WHERE id = $where
"
);


Now this usually works, but oddly, with some UUIDs the query fails and i can't figure out why.



Here are some UUIDs the query works with (in the original format, so you can read them) :



c80615fc-e441-11e8-b328-002522a6b241

d4c94f0c-e441-11e8-9316-002522a6b241

df11cade-e441-11e8-b3a5-002522a6b241


This one fails:



27c049c4-e67f-11e8-9e6f-002522a6b241


Error log:




WordPress database error You have an error in your SQL syntax; check
the manual that corresponds to your MariaDB server version for the
right syntax to use near '?IÄžo' at line 3 for query
SELECT *
FROM my_table
WHERE id = 'èäAÈü³(




Any ideas what's happening?










share|improve this question















I have a table in a MySQL database, that uses UUID v1 as the primary key.
The UUIDs are stored optimized, as a 16-byte string, as described in https://www.percona.com/blog/2014/12/19/store-uuid-optimized-way/ .
The MYSQL data type for the column is binary(16). All UUIDs are generated the same way, using a PHP library. MySQL is v5.0.12.



I retrieve rows from the table like this:



$where = sprintf("'%s'", $bytestring_uuid);

$wpdb->get_results(
"
SELECT *
FROM $my_table
WHERE id = $where
"
);


Now this usually works, but oddly, with some UUIDs the query fails and i can't figure out why.



Here are some UUIDs the query works with (in the original format, so you can read them) :



c80615fc-e441-11e8-b328-002522a6b241

d4c94f0c-e441-11e8-9316-002522a6b241

df11cade-e441-11e8-b3a5-002522a6b241


This one fails:



27c049c4-e67f-11e8-9e6f-002522a6b241


Error log:




WordPress database error You have an error in your SQL syntax; check
the manual that corresponds to your MariaDB server version for the
right syntax to use near '?IÄžo' at line 3 for query
SELECT *
FROM my_table
WHERE id = 'èäAÈü³(




Any ideas what's happening?







mysql wordpress innodb uuid






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 13 '18 at 17:31

























asked Nov 12 '18 at 19:51









JimQ

85




85







  • 1




    Your code also looks prone to SQL injections at first seight..
    – Raymond Nijland
    Nov 12 '18 at 19:54












  • 1




    Your code also looks prone to SQL injections at first seight..
    – Raymond Nijland
    Nov 12 '18 at 19:54







1




1




Your code also looks prone to SQL injections at first seight..
– Raymond Nijland
Nov 12 '18 at 19:54




Your code also looks prone to SQL injections at first seight..
– Raymond Nijland
Nov 12 '18 at 19:54












2 Answers
2






active

oldest

votes


















0














27 is single quote, 22 is double quote. Hence a serious need to escape the binary string. Yes, that link tells you how to take only 16 bytes for storing it.



Or... Instead of saying



WHERE uuid = '?IÄžo...'


capture the hex and say



WHERE uuid = UNHEX('27c049c4e67f11...');


That is, have $byte_string be 32 hex digits.






share|improve this answer




























    0














    Solving your SQL injection problem will also solve that some characters in a binary format don't expand nicely in a PHP interpolated string.



    Using a PDO or mysqli solution will fix both of your problems.



    Also MySQL-5.0.12 that is so far out of any maintained state. You will run into troubles where the only solution is to upgrade. Sooner the better.






    share|improve this answer




















      Your Answer






      StackExchange.ifUsing("editor", function ()
      StackExchange.using("externalEditor", function ()
      StackExchange.using("snippets", function ()
      StackExchange.snippets.init();
      );
      );
      , "code-snippets");

      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "1"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: true,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: 10,
      bindNavPrevention: true,
      postfix: "",
      imageUploader:
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      ,
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );













      draft saved

      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53269148%2fmysql-query-with-uuid-bytestring-as-primary-key-not-working%23new-answer', 'question_page');

      );

      Post as a guest















      Required, but never shown

























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      0














      27 is single quote, 22 is double quote. Hence a serious need to escape the binary string. Yes, that link tells you how to take only 16 bytes for storing it.



      Or... Instead of saying



      WHERE uuid = '?IÄžo...'


      capture the hex and say



      WHERE uuid = UNHEX('27c049c4e67f11...');


      That is, have $byte_string be 32 hex digits.






      share|improve this answer

























        0














        27 is single quote, 22 is double quote. Hence a serious need to escape the binary string. Yes, that link tells you how to take only 16 bytes for storing it.



        Or... Instead of saying



        WHERE uuid = '?IÄžo...'


        capture the hex and say



        WHERE uuid = UNHEX('27c049c4e67f11...');


        That is, have $byte_string be 32 hex digits.






        share|improve this answer























          0












          0








          0






          27 is single quote, 22 is double quote. Hence a serious need to escape the binary string. Yes, that link tells you how to take only 16 bytes for storing it.



          Or... Instead of saying



          WHERE uuid = '?IÄžo...'


          capture the hex and say



          WHERE uuid = UNHEX('27c049c4e67f11...');


          That is, have $byte_string be 32 hex digits.






          share|improve this answer












          27 is single quote, 22 is double quote. Hence a serious need to escape the binary string. Yes, that link tells you how to take only 16 bytes for storing it.



          Or... Instead of saying



          WHERE uuid = '?IÄžo...'


          capture the hex and say



          WHERE uuid = UNHEX('27c049c4e67f11...');


          That is, have $byte_string be 32 hex digits.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 12 '18 at 22:08









          Rick James

          66.3k55899




          66.3k55899























              0














              Solving your SQL injection problem will also solve that some characters in a binary format don't expand nicely in a PHP interpolated string.



              Using a PDO or mysqli solution will fix both of your problems.



              Also MySQL-5.0.12 that is so far out of any maintained state. You will run into troubles where the only solution is to upgrade. Sooner the better.






              share|improve this answer

























                0














                Solving your SQL injection problem will also solve that some characters in a binary format don't expand nicely in a PHP interpolated string.



                Using a PDO or mysqli solution will fix both of your problems.



                Also MySQL-5.0.12 that is so far out of any maintained state. You will run into troubles where the only solution is to upgrade. Sooner the better.






                share|improve this answer























                  0












                  0








                  0






                  Solving your SQL injection problem will also solve that some characters in a binary format don't expand nicely in a PHP interpolated string.



                  Using a PDO or mysqli solution will fix both of your problems.



                  Also MySQL-5.0.12 that is so far out of any maintained state. You will run into troubles where the only solution is to upgrade. Sooner the better.






                  share|improve this answer












                  Solving your SQL injection problem will also solve that some characters in a binary format don't expand nicely in a PHP interpolated string.



                  Using a PDO or mysqli solution will fix both of your problems.



                  Also MySQL-5.0.12 that is so far out of any maintained state. You will run into troubles where the only solution is to upgrade. Sooner the better.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Nov 12 '18 at 21:32









                  danblack

                  1,5071214




                  1,5071214



























                      draft saved

                      draft discarded
















































                      Thanks for contributing an answer to Stack Overflow!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid


                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.

                      To learn more, see our tips on writing great answers.





                      Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                      Please pay close attention to the following guidance:


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid


                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.

                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function ()
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53269148%2fmysql-query-with-uuid-bytestring-as-primary-key-not-working%23new-answer', 'question_page');

                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      這個網誌中的熱門文章

                      How to read a connectionString WITH PROVIDER in .NET Core?

                      Node.js Script on GitHub Pages or Amazon S3

                      Museum of Modern and Contemporary Art of Trento and Rovereto