MySQL: Query with UUID (bytestring) as primary key not working
I have a table in a MySQL database, that uses UUID v1 as the primary key.
The UUIDs are stored optimized, as a 16-byte string, as described in https://www.percona.com/blog/2014/12/19/store-uuid-optimized-way/ .
The MYSQL data type for the column is binary(16). All UUIDs are generated the same way, using a PHP library. MySQL is v5.0.12.
I retrieve rows from the table like this:
$where = sprintf("'%s'", $bytestring_uuid);
$wpdb->get_results(
"
SELECT *
FROM $my_table
WHERE id = $where
"
);
Now this usually works, but oddly, with some UUIDs the query fails and i can't figure out why.
Here are some UUIDs the query works with (in the original format, so you can read them) :
c80615fc-e441-11e8-b328-002522a6b241
d4c94f0c-e441-11e8-9316-002522a6b241
df11cade-e441-11e8-b3a5-002522a6b241
This one fails:
27c049c4-e67f-11e8-9e6f-002522a6b241
Error log:
WordPress database error You have an error in your SQL syntax; check
the manual that corresponds to your MariaDB server version for the
right syntax to use near '?IÄžo' at line 3 for query
SELECT *
FROM my_table
WHERE id = 'èäAÈü³(
Any ideas what's happening?
mysql wordpress innodb uuid
asked Nov 12 '18 at 19:51
JimQ
85
add a comment |
I have a table in a MySQL database, that uses UUID v1 as the primary key.
The UUIDs are stored optimized, as a 16-byte string, as described in https://www.percona.com/blog/2014/12/19/store-uuid-optimized-way/ .
The MYSQL data type for the column is binary(16). All UUIDs are generated the same way, using a PHP library. MySQL is v5.0.12.
I retrieve rows from the table like this:
$where = sprintf("'%s'", $bytestring_uuid);
$wpdb->get_results(
"
SELECT *
FROM $my_table
WHERE id = $where
"
);
Now this usually works, but oddly, with some UUIDs the query fails and i can't figure out why.
Here are some UUIDs the query works with (in the original format, so you can read them) :
c80615fc-e441-11e8-b328-002522a6b241
d4c94f0c-e441-11e8-9316-002522a6b241
df11cade-e441-11e8-b3a5-002522a6b241
This one fails:
27c049c4-e67f-11e8-9e6f-002522a6b241
Error log:
WordPress database error You have an error in your SQL syntax; check
the manual that corresponds to your MariaDB server version for the
right syntax to use near '?IÄžo' at line 3 for query
SELECT *
FROM my_table
WHERE id = 'èäAÈü³(
Any ideas what's happening?
mysql wordpress innodb uuid
asked Nov 12 '18 at 19:51
JimQ
85
1
Your code also looks prone to SQL injections at first seight..
– Raymond Nijland
Nov 12 '18 at 19:54
add a comment |
I have a table in a MySQL database, that uses UUID v1 as the primary key.
The UUIDs are stored optimized, as a 16-byte string, as described in https://www.percona.com/blog/2014/12/19/store-uuid-optimized-way/ .
The MYSQL data type for the column is binary(16). All UUIDs are generated the same way, using a PHP library. MySQL is v5.0.12.
I retrieve rows from the table like this:
$where = sprintf("'%s'", $bytestring_uuid);
$wpdb->get_results(
"
SELECT *
FROM $my_table
WHERE id = $where
"
);
Now this usually works, but oddly, with some UUIDs the query fails and i can't figure out why.
Here are some UUIDs the query works with (in the original format, so you can read them) :
c80615fc-e441-11e8-b328-002522a6b241
d4c94f0c-e441-11e8-9316-002522a6b241
df11cade-e441-11e8-b3a5-002522a6b241
This one fails:
27c049c4-e67f-11e8-9e6f-002522a6b241
Error log:
WordPress database error You have an error in your SQL syntax; check
the manual that corresponds to your MariaDB server version for the
right syntax to use near '?IÄžo' at line 3 for query
SELECT *
FROM my_table
WHERE id = 'èäAÈü³(
Any ideas what's happening?
mysql wordpress innodb uuid
asked Nov 12 '18 at 19:51
JimQ
85
I have a table in a MySQL database, that uses UUID v1 as the primary key.
The UUIDs are stored optimized, as a 16-byte string, as described in https://www.percona.com/blog/2014/12/19/store-uuid-optimized-way/ .
The MYSQL data type for the column is binary(16). All UUIDs are generated the same way, using a PHP library. MySQL is v5.0.12.
I retrieve rows from the table like this:
$where = sprintf("'%s'", $bytestring_uuid);
$wpdb->get_results(
"
SELECT *
FROM $my_table
WHERE id = $where
"
);
Now this usually works, but oddly, with some UUIDs the query fails and i can't figure out why.
Here are some UUIDs the query works with (in the original format, so you can read them) :
c80615fc-e441-11e8-b328-002522a6b241
d4c94f0c-e441-11e8-9316-002522a6b241
df11cade-e441-11e8-b3a5-002522a6b241
This one fails:
27c049c4-e67f-11e8-9e6f-002522a6b241
Error log:
WordPress database error You have an error in your SQL syntax; check
the manual that corresponds to your MariaDB server version for the
right syntax to use near '?IÄžo' at line 3 for query
SELECT *
FROM my_table
WHERE id = 'èäAÈü³(
Any ideas what's happening?
mysql wordpress innodb uuid
mysql wordpress innodb uuid
asked Nov 12 '18 at 19:51
JimQ
85
asked Nov 12 '18 at 19:51
JimQ
85
edited Nov 13 '18 at 17:31
asked Nov 12 '18 at 19:51
JimQ
85
asked Nov 12 '18 at 19:51
JimQ
85
asked Nov 12 '18 at 19:51
JimQ
85
85
1
Your code also looks prone to SQL injections at first seight..
– Raymond Nijland
Nov 12 '18 at 19:54
add a comment |
1
Your code also looks prone to SQL injections at first seight..
– Raymond Nijland
Nov 12 '18 at 19:54
1
1
Your code also looks prone to SQL injections at first seight..
– Raymond Nijland
Nov 12 '18 at 19:54
Your code also looks prone to SQL injections at first seight..
– Raymond Nijland
Nov 12 '18 at 19:54
add a comment |
2 Answers
2
active
oldest
votes
27 is single quote, 22 is double quote. Hence a serious need to escape the binary string. Yes, that link tells you how to take only 16 bytes for storing it.
Or... Instead of saying
WHERE uuid = '?IÄžo...'
capture the hex and say
WHERE uuid = UNHEX('27c049c4e67f11...');
That is, have $byte_string be 32 hex digits.
answered Nov 12 '18 at 22:08
Rick James
66.3k55899
add a comment |
Solving your SQL injection problem will also solve that some characters in a binary format don't expand nicely in a PHP interpolated string.
Using a PDO or mysqli solution will fix both of your problems.
Also MySQL-5.0.12 that is so far out of any maintained state. You will run into troubles where the only solution is to upgrade. Sooner the better.
answered Nov 12 '18 at 21:32
danblack
1,5071214
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53269148%2fmysql-query-with-uuid-bytestring-as-primary-key-not-working%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
27 is single quote, 22 is double quote. Hence a serious need to escape the binary string. Yes, that link tells you how to take only 16 bytes for storing it.
Or... Instead of saying
WHERE uuid = '?IÄžo...'
capture the hex and say
WHERE uuid = UNHEX('27c049c4e67f11...');
That is, have $byte_string be 32 hex digits.
answered Nov 12 '18 at 22:08
Rick James
66.3k55899
add a comment |
27 is single quote, 22 is double quote. Hence a serious need to escape the binary string. Yes, that link tells you how to take only 16 bytes for storing it.
Or... Instead of saying
WHERE uuid = '?IÄžo...'
capture the hex and say
WHERE uuid = UNHEX('27c049c4e67f11...');
That is, have $byte_string be 32 hex digits.
answered Nov 12 '18 at 22:08
Rick James
66.3k55899
add a comment |
27 is single quote, 22 is double quote. Hence a serious need to escape the binary string. Yes, that link tells you how to take only 16 bytes for storing it.
Or... Instead of saying
WHERE uuid = '?IÄžo...'
capture the hex and say
WHERE uuid = UNHEX('27c049c4e67f11...');
That is, have $byte_string be 32 hex digits.
answered Nov 12 '18 at 22:08
Rick James
66.3k55899
27 is single quote, 22 is double quote. Hence a serious need to escape the binary string. Yes, that link tells you how to take only 16 bytes for storing it.
Or... Instead of saying
WHERE uuid = '?IÄžo...'
capture the hex and say
WHERE uuid = UNHEX('27c049c4e67f11...');
That is, have $byte_string be 32 hex digits.
answered Nov 12 '18 at 22:08
Rick James
66.3k55899
answered Nov 12 '18 at 22:08
Rick James
66.3k55899
answered Nov 12 '18 at 22:08
Rick James
66.3k55899
answered Nov 12 '18 at 22:08
Rick James
66.3k55899
66.3k55899
add a comment |
add a comment |
Solving your SQL injection problem will also solve that some characters in a binary format don't expand nicely in a PHP interpolated string.
Using a PDO or mysqli solution will fix both of your problems.
Also MySQL-5.0.12 that is so far out of any maintained state. You will run into troubles where the only solution is to upgrade. Sooner the better.
answered Nov 12 '18 at 21:32
danblack
1,5071214
add a comment |
Solving your SQL injection problem will also solve that some characters in a binary format don't expand nicely in a PHP interpolated string.
Using a PDO or mysqli solution will fix both of your problems.
Also MySQL-5.0.12 that is so far out of any maintained state. You will run into troubles where the only solution is to upgrade. Sooner the better.
answered Nov 12 '18 at 21:32
danblack
1,5071214
add a comment |
Solving your SQL injection problem will also solve that some characters in a binary format don't expand nicely in a PHP interpolated string.
Using a PDO or mysqli solution will fix both of your problems.
Also MySQL-5.0.12 that is so far out of any maintained state. You will run into troubles where the only solution is to upgrade. Sooner the better.
answered Nov 12 '18 at 21:32
danblack
1,5071214
Solving your SQL injection problem will also solve that some characters in a binary format don't expand nicely in a PHP interpolated string.
Using a PDO or mysqli solution will fix both of your problems.
Also MySQL-5.0.12 that is so far out of any maintained state. You will run into troubles where the only solution is to upgrade. Sooner the better.
answered Nov 12 '18 at 21:32
danblack
1,5071214
answered Nov 12 '18 at 21:32
danblack
1,5071214
answered Nov 12 '18 at 21:32
danblack
1,5071214
answered Nov 12 '18 at 21:32
danblack
1,5071214
1,5071214
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53269148%2fmysql-query-with-uuid-bytestring-as-primary-key-not-working%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
Your code also looks prone to SQL injections at first seight..
– Raymond Nijland
Nov 12 '18 at 19:54