Edit report at http://bugs.php.net/bug.php?id=54258&edit=1
ID: 54258
User updated by: an0nym at narod dot ru
Reported by: an0nym at narod dot ru
Summary: MySQL: Silent ignorance of binds inside comments
causes other to be wrong bound
-Status: Feedback
+Status: Open
Type: Bug
Package: PDO related
Operating System: Linux
PHP Version: 5.3.5
Block user comment: N
Private report: N
New Comment:
root@test # uname -a
Linux test 2.6.35.11-83.fc14.x86_64 #1 SMP Mon Feb 7 07:06:44 UTC 2011
x86_64 x86_64 x86_64 GNU/Linux
06:53:51 ~
root@test # php -v
PHP 5.3.6 (cli) (built: Mar 17 2011 20:56:13)
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
06:53:56 ~
root@test # find / | grep libmysql
/usr/lib64/mysql/libmysqlclient.so.16.0.0
/usr/lib64/mysql/libmysqlclient_r.so.16.0.0
/usr/lib64/mysql/libmysqlclient_r.so.16
/usr/lib64/mysql/libmysqlclient.so.16
06:54:02 ~
root@test # cat test.php
<?php
var_dump(function_exists("mysqli_fetch_all"));
$DB = new PDO("mysql:dbname=test;host=localhost", "root", "",
array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_EMULATE_PREPARES => false));
$DB->exec("CREATE TEMPORARY TABLE t(f1 VARCHAR(1), f2 VARCHAR(1)) SELECT
0 f1, 0 f2");
$stmt = $DB->prepare("UPDATE t SET /*f1 = :field1, */f2 = :field2");
$field1 = 1;
$field2 = 2;
$stmt->bindParam(":field1", $field1, PDO::PARAM_INT);
$stmt->bindParam(":field2", $field2, PDO::PARAM_INT);
$stmt->execute();
foreach ($DB->query("SELECT * FROM t") as $row)
var_dump($row);
06:54:07 ~
root@test # php test.php
bool(false)
array(4) {
["f1"]=>
string(1) "0"
[0]=>
string(1) "0"
["f2"]=>
string(1) "1"
[1]=>
string(1) "1"
}
06:54:11 ~
root@test # mysql -uroot
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 5.1.56 Source distribution
Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights
reserved.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL v2
license
Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.
mysql> exit
Bye
06:54:47 ~
root@test #
Previous Comments:
------------------------------------------------------------------------
[2011-05-10 09:56:54] [email protected]
Can't reproduce. Please, provide full example including connect, create
table, error handling and so forth.
------------------------------------------------------------------------
[2011-03-15 16:30:52] an0nym at narod dot ru
Description:
------------
See test script.
Test script:
---------------
$statement = $DB->prepare("UPDATE t SET /*field1 = :field1, */field2 =
:field2");
$field1 = 1;
$field2 = 2;
$statement->bindParam(":field1", $field1, PDO::PARAM_INT);
$statement->bindParam(":field2", $field2, PDO::PARAM_INT);
$statement->execute();
Expected result:
----------------
Query "UPDATE t SET /*field1 = 1, */field2 = 2" or error message like
"wrong param count".
Actual result:
--------------
Silently running query "UPDATE t SET /*field1 = ?, */field2 = 1".
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=54258&edit=1
