Skip to content
Advertisement

PHP – How can I get pack() to return a string that is the same as a regular string?

I am not sure what the issue is. I assume it is an encoding issue. What I would like is for

pack('V', 0x41) == "A"

to return true. This is not the case even though the encoding from mb_detect_encoding() returns ASCII for both and both print “A” to the screen when echoed. The real issue is that when the packed string is included in a sql query:

 $sql = "SELECT item_name, item_description FROM items WHERE item_name LIKE '$querystr%'";

it fails to execute the query, even though when printed to the screen the strings are equivalent. This is for a CTF challenge I am creating, so yes, that code is meant to be vulnerable to injection.

Advertisement

Answer

The V argument in pack takes 32-bit unsigned values(little-endian byte order) so your call looks like

pack('V', 0x00000041) === "A"

You can use trim to get rid of the excess nulls you can use another option, for instance c

pack('c', 0x41) === "A"
User contributions licensed under: CC BY-SA
4 People found this is helpful
Advertisement