I am uploading data via URL to PHP, then from PHP into mySQL.
I need to allow a NUL value in the URL string to PHP, like this:
https://www.mysite.com/9p8264/ab1/LoadData.php$cName=Abigail&smoker=%00
I have also tried this workaround, testing for ASCII space instead of ASCII NUL
(Just in case the cloud server is rejecting NUL in case of NUL-injection attacks...)
https://www.mysite.com/9p8264/ab1/LoadData.php$cName=Abigail&smoker=%+
And this is the test PHP script that I use to insert into a mySQL table:
<?php
header("Content-type:application/html; charset=UTF-8");
$con = mysqli_connect("localhost", "user", "password", "dbname");
if (mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: ".mysqli_connect_error();
}
$con->query("SET NAMES utf8mb4 COLLATE utf8mb4_unicode_ci");
$cName = $_GET['cName'];
if($_GET['smoker'] === ' %+'){$sFlag = 'Y';}else{$sFlag = 'N';} // testing for a space in this case
$result = "INSERT INTO TestPatient(cName, sFlag) VALUES ('$cName', '$sFlag')";
if(! mysqli_query($con, $result) ) {
die('Can not insert data: ' . mysql_error());
} else {echo "Inserted " + $cName;}
mysqli_close($con);
?>
Whatever I use, %00 or %+, PHP inserts an 'N' into the column sFlag.
How do I get PHP to insert a NUL instead ??