ID:               44278
 User updated by:  ethan dot nelson at ltd dot org
 Reported By:      ethan dot nelson at ltd dot org
 Status:           Open
 Bug Type:         PDO related
 Operating System: win2k3
 PHP Version:      5.2.7
 New Comment:

The following article is important even though it has to do with 
encryption.  The bug report exposes what PDO is using to execute 
queries, sp_prepexec.  The comment from an MS moderator is that it is 
an unsupported feature.  There may be another choice for use by PDO 
than prepexec.

http://social.msdn.microsoft.com/Forums/en-
US/sqlsecurity/thread/e7e54926-27d5-4c84-99af-a5335c72ef3c


Previous Comments:
------------------------------------------------------------------------

[2009-05-26 06:52:44] ian at mutexlabs dot com

I can confirm this bug on Windows 2003, PHP 5.2.7, 5.2.9 and the
5.2.10-dev release linked in this bug.

I'm actually using the odbc_* functions, not PDO, but the behaviour is
the same.

I worked around the problem by rebuilding the database using
nvarchar(255) instead of nvarchar(max) types - it was safer than
modifying the PHP app.

I saw similar (corruption) behaviour on varchar and char types, though
I didn't investigate closely.

text columns are OK, but unsuitable for my application.

------------------------------------------------------------------------

[2009-05-19 22:51:45] ethan dot nelson at ltd dot org

No difference in behavior from what I can see.  Can you reproduce the
bug on your end?  My screen reports the following using my reproduce
code (with a few lines from the phpinfo command()):

SELECT CAST('asdfasdfasdf' AS nvarchar) AS good, CAST('asdfasdfasdf' AS
nvarchar(max)) AS garbled

Array
(
    [0] => Array
        (
            [good] => asdfasdfasdf
            [garbled] => �í[(í[���
        )

)

PHP Logo
PHP Version 5.2.10-dev

System  Windows NT LTD-PWWW2 5.2 build 3790
Build Date      May 19 2009 11:39:28
Configure Command       cscript /nologo configure.js
"--enable-snapshot-build" "--enable-debug-pack"
"--with-snapshot-template=d:\php-sdk\bin\\..\snap_5_2\vc6\x86\template"
"--with-php-build=d:\php-sdk\bin\\..\snap_5_2\vc6\x86\php_build"
"--with-pdo-oci=D:\php-sdk\oracle\instantclient10\sdk,shared"
"--with-oci8=D:\php-sdk\oracle\instantclient10\sdk,shared"
Server API      ISAPI

------------------------------------------------------------------------

[2009-05-03 01:00:10] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

------------------------------------------------------------------------

[2009-04-25 14:54:59] j...@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/



------------------------------------------------------------------------

[2008-10-28 20:21:41] ethan dot nelson at ltd dot org

<?php

ini_set("display_errors","yes");

$poo = new PDO("odbc:DEVELOPMENT");

$query = "SELECT CAST('asdfasdfasdf' AS nvarchar) AS good, 
CAST('asdfasdfasdf' AS nvarchar(max)) AS garbled";
$stm = $poo->prepare($query);
echo $query."<br>\n";

$id = 1;
$stm->bindParam(':id',$id,PDO::PARAM_INT);
$id2 = 1;
$stm->bindParam(':id2',$id2,PDO::PARAM_INT);

echo "<pre>\n";
if ($stm->execute()) print_r($stm->fetchAll(PDO::FETCH_ASSOC));
else print_r( $stm->errorInfo());
echo "</pre>\n";

phpinfo();

?>

-----------Results in:

SELECT CAST('asdfasdfasdf' AS nvarchar) AS good, CAST('asdfasdfasdf' 
AS nvarchar(max)) AS garbled
Array
(
    [0] => Array
        (
            [good] => asdfasdfasdf
            [garbled] => ä ä
        )

)

PHP Version 5.2.7RC2-dev

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/44278

-- 
Edit this bug report at http://bugs.php.net/?id=44278&edit=1

Reply via email to