diff options
Diffstat (limited to '')
-rw-r--r-- | www/nulinstr.html | 237 |
1 files changed, 237 insertions, 0 deletions
diff --git a/www/nulinstr.html b/www/nulinstr.html new file mode 100644 index 0000000..cb118a0 --- /dev/null +++ b/www/nulinstr.html @@ -0,0 +1,237 @@ +<!DOCTYPE html> +<html><head> +<meta name="viewport" content="width=device-width, initial-scale=1.0"> +<meta http-equiv="content-type" content="text/html; charset=UTF-8"> +<link href="sqlite.css" rel="stylesheet"> +<title>NUL Characters In Strings</title> +<!-- path= --> +</head> +<body> +<div class=nosearch> +<a href="index.html"> +<img class="logo" src="images/sqlite370_banner.gif" alt="SQLite" border="0"> +</a> +<div><!-- IE hack to prevent disappearing logo --></div> +<div class="tagline desktoponly"> +Small. Fast. Reliable.<br>Choose any three. +</div> +<div class="menu mainmenu"> +<ul> +<li><a href="index.html">Home</a> +<li class='mobileonly'><a href="javascript:void(0)" onclick='toggle_div("submenu")'>Menu</a> +<li class='wideonly'><a href='about.html'>About</a> +<li class='desktoponly'><a href="docs.html">Documentation</a> +<li class='desktoponly'><a href="download.html">Download</a> +<li class='wideonly'><a href='copyright.html'>License</a> +<li class='desktoponly'><a href="support.html">Support</a> +<li class='desktoponly'><a href="prosupport.html">Purchase</a> +<li class='search' id='search_menubutton'> +<a href="javascript:void(0)" onclick='toggle_search()'>Search</a> +</ul> +</div> +<div class="menu submenu" id="submenu"> +<ul> +<li><a href='about.html'>About</a> +<li><a href='docs.html'>Documentation</a> +<li><a href='download.html'>Download</a> +<li><a href='support.html'>Support</a> +<li><a href='prosupport.html'>Purchase</a> +</ul> +</div> +<div class="searchmenu" id="searchmenu"> +<form method="GET" action="search"> +<select name="s" id="searchtype"> +<option value="d">Search Documentation</option> +<option value="c">Search Changelog</option> +</select> +<input type="text" name="q" id="searchbox" value=""> +<input type="submit" value="Go"> +</form> +</div> +</div> +<script> +function toggle_div(nm) { +var w = document.getElementById(nm); +if( w.style.display=="block" ){ +w.style.display = "none"; +}else{ +w.style.display = "block"; +} +} +function toggle_search() { +var w = document.getElementById("searchmenu"); +if( w.style.display=="block" ){ +w.style.display = "none"; +} else { +w.style.display = "block"; +setTimeout(function(){ +document.getElementById("searchbox").focus() +}, 30); +} +} +function div_off(nm){document.getElementById(nm).style.display="none";} +window.onbeforeunload = function(e){div_off("submenu");} +/* Disable the Search feature if we are not operating from CGI, since */ +/* Search is accomplished using CGI and will not work without it. */ +if( !location.origin || !location.origin.match || !location.origin.match(/http/) ){ +document.getElementById("search_menubutton").style.display = "none"; +} +/* Used by the Hide/Show button beside syntax diagrams, to toggle the */ +function hideorshow(btn,obj){ +var x = document.getElementById(obj); +var b = document.getElementById(btn); +if( x.style.display!='none' ){ +x.style.display = 'none'; +b.innerHTML='show'; +}else{ +x.style.display = ''; +b.innerHTML='hide'; +} +return false; +} +var antiRobot = 0; +function antiRobotGo(){ +if( antiRobot!=3 ) return; +antiRobot = 7; +var j = document.getElementById("mtimelink"); +if(j && j.hasAttribute("data-href")) j.href=j.getAttribute("data-href"); +} +function antiRobotDefense(){ +document.body.onmousedown=function(){ +antiRobot |= 2; +antiRobotGo(); +document.body.onmousedown=null; +} +document.body.onmousemove=function(){ +antiRobot |= 2; +antiRobotGo(); +document.body.onmousemove=null; +} +setTimeout(function(){ +antiRobot |= 1; +antiRobotGo(); +}, 100) +antiRobotGo(); +} +antiRobotDefense(); +</script> +<div class=fancy> +<div class=nosearch> +<div class="fancy_title"> +NUL Characters In Strings +</div> +</div> + + + + + +<h1 id="introduction"><span>1. </span>Introduction</h1> + +<p> +SQLite allows NUL characters (ASCII 0x00, Unicode \u0000) in the middle +of string values stored in the database. However, the use of NUL within +strings can lead to surprising behaviors: + +</p><ol> +<li><p> +The <a href="lang_corefunc.html#length">length() SQL function</a> only counts characters up to and excluding +the first NUL. + + +</p></li><li><p> +The <a href="lang_corefunc.html#quote">quote() SQL function</a> only shows characters up to and excluding +the first NUL. + +</p></li><li><p> +The <a href="cli.html#dump">.dump</a> command in the <a href="cli.html">CLI</a> omits the first NUL character and all +subsequent text in the SQL output that it generates. In fact, the +<a href="cli.html">CLI</a> omits everything past the first NUL character in all contexts. +</p></li></ol> + +<p> +The use of NUL characters in SQL text strings is not recommended. + +</p><h1 id="unexpected_behavior"><span>2. </span>Unexpected Behavior</h1> + +<p> +Consider the following SQL: + +</p><div class="codeblock"><pre>CREATE TABLE t1( + a INTEGER PRIMARY KEY, + b TEXT +); +INSERT INTO t1(a,b) VALUES(1, 'abc'||char(0)||'xyz'); + +SELECT a, b, length(b) FROM t1; +</pre></div> + +<p> +The SELECT statement above shows output of: + +</p><div class="codeblock"><pre>1,'abc',3 +</pre></div> + +<p> +(Through this document, we assume that the <a href="cli.html">CLI</a> has "<a href="cli.html#dotmodequote">.mode quote</a>" set.) +But if you run: + +</p><div class="codeblock"><pre>SELECT * FROM t1 WHERE b='abc'; +</pre></div> + +<p> +Then no rows are returned. SQLite knows that the t1.b column actually +holds a 7-character string, and the 7-character string 'abc'||char(0)||'xyz' +is not equal to the 3-character string 'abc', and so no rows are returned. +But a user might be easily confused by this because the <a href="cli.html">CLI</a> output +seems to show that the string has only 3 characters. This seems like +a bug. But it is how SQLite works. + +</p><h1 id="how_to_tell_if_you_have_nul_characters_in_your_strings"><span>3. </span>How To Tell If You Have NUL Characters In Your Strings</h1> + +<p> +If you <a href="lang_expr.html#castexpr">CAST</a> a string into a BLOB, then the entire length of the +string is shown. For example: + +</p><div class="codeblock"><pre>SELECT a, CAST(b AS BLOB) FROM t1; +</pre></div> + +<p> +Gives this result: + +</p><div class="codeblock"><pre>1,X'6162630078797a' +</pre></div> + +<p> +In the BLOB output, you can clearly see the NUL character as the 4th +character in the 7-character string. + +</p><p> +Another, more automated, way +to tell if a string value X contains embedded NUL characters is to +use an expression like this: + +</p><div class="codeblock"><pre>instr(X,char(0)) +</pre></div> + +<p> +If this expression returns a non-zero value N, then there exists an +embedded NUL at the N-th character position. Thus to count the number +of rows that contain embedded NUL characters: + +</p><div class="codeblock"><pre>SELECT count(*) FROM t1 WHERE instr(b,char(0))>0; +</pre></div> + +<h1 id="removing_nul_characters_from_a_text_field"><span>4. </span>Removing NUL Characters From A Text Field</h1> + +<p> +The following example shows how to remove NUL character, and all text +that follows, from a column of a table. So if you have a database file +that contains embedded NULs and you would like to remove them, running +UPDATE statements similar to the following might help: + +</p><div class="codeblock"><pre>UPDATE t1 SET b=substr(b,1,instr(b,char(0))) + WHERE instr(b,char(0)); +</pre></div> +<p align="center"><small><i>This page last modified on <a href="https://sqlite.org/docsrc/honeypot" id="mtimelink" data-href="https://sqlite.org/docsrc/finfo/pages/nulinstr.in?m=b99fab59ede12dcc2">2022-05-23 22:21:54</a> UTC </small></i></p> + |