ID: 44278 User updated by: ethan dot nelson at ltd dot org Reported By: ethan dot nelson at ltd dot org Status: Open Bug Type: PDO related Operating System: win2k3 PHP Version: 5.2.7 New Comment:
The following article is important even though it has to do with encryption. The bug report exposes what PDO is using to execute queries, sp_prepexec. The comment from an MS moderator is that it is an unsupported feature. There may be another choice for use by PDO than prepexec. http://social.msdn.microsoft.com/Forums/en- US/sqlsecurity/thread/e7e54926-27d5-4c84-99af-a5335c72ef3c Previous Comments: ------------------------------------------------------------------------ [2009-05-26 06:52:44] ian at mutexlabs dot com I can confirm this bug on Windows 2003, PHP 5.2.7, 5.2.9 and the 5.2.10-dev release linked in this bug. I'm actually using the odbc_* functions, not PDO, but the behaviour is the same. I worked around the problem by rebuilding the database using nvarchar(255) instead of nvarchar(max) types - it was safer than modifying the PHP app. I saw similar (corruption) behaviour on varchar and char types, though I didn't investigate closely. text columns are OK, but unsuitable for my application. ------------------------------------------------------------------------ [2009-05-19 22:51:45] ethan dot nelson at ltd dot org No difference in behavior from what I can see. Can you reproduce the bug on your end? My screen reports the following using my reproduce code (with a few lines from the phpinfo command()): SELECT CAST('asdfasdfasdf' AS nvarchar) AS good, CAST('asdfasdfasdf' AS nvarchar(max)) AS garbled Array ( [0] => Array ( [good] => asdfasdfasdf [garbled] => �í[(í[��� ) ) PHP Logo PHP Version 5.2.10-dev System Windows NT LTD-PWWW2 5.2 build 3790 Build Date May 19 2009 11:39:28 Configure Command cscript /nologo configure.js "--enable-snapshot-build" "--enable-debug-pack" "--with-snapshot-template=d:\php-sdk\bin\\..\snap_5_2\vc6\x86\template" "--with-php-build=d:\php-sdk\bin\\..\snap_5_2\vc6\x86\php_build" "--with-pdo-oci=D:\php-sdk\oracle\instantclient10\sdk,shared" "--with-oci8=D:\php-sdk\oracle\instantclient10\sdk,shared" Server API ISAPI ------------------------------------------------------------------------ [2009-05-03 01:00:10] php-bugs at lists dot php dot net No feedback was provided for this bug for over a week, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open". ------------------------------------------------------------------------ [2009-04-25 14:54:59] j...@php.net Please try using this CVS snapshot: http://snaps.php.net/php5.2-latest.tar.gz For Windows: http://windows.php.net/snapshots/ ------------------------------------------------------------------------ [2008-10-28 20:21:41] ethan dot nelson at ltd dot org <?php ini_set("display_errors","yes"); $poo = new PDO("odbc:DEVELOPMENT"); $query = "SELECT CAST('asdfasdfasdf' AS nvarchar) AS good, CAST('asdfasdfasdf' AS nvarchar(max)) AS garbled"; $stm = $poo->prepare($query); echo $query."<br>\n"; $id = 1; $stm->bindParam(':id',$id,PDO::PARAM_INT); $id2 = 1; $stm->bindParam(':id2',$id2,PDO::PARAM_INT); echo "<pre>\n"; if ($stm->execute()) print_r($stm->fetchAll(PDO::FETCH_ASSOC)); else print_r( $stm->errorInfo()); echo "</pre>\n"; phpinfo(); ?> -----------Results in: SELECT CAST('asdfasdfasdf' AS nvarchar) AS good, CAST('asdfasdfasdf' AS nvarchar(max)) AS garbled Array ( [0] => Array ( [good] => asdfasdfasdf [garbled] => ä ä ) ) PHP Version 5.2.7RC2-dev ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/44278 -- Edit this bug report at http://bugs.php.net/?id=44278&edit=1