ID: 37285
Comment by: moy at ivsol dot net
Reported By: vldi at yahoo dot com
Status: Assigned
Bug Type: PDO related
Operating System: Suse 10
PHP Version: 5CVS-2006-05-02 (snap)
Assigned To: wez
New Comment:
Im having the same issue.
PHP version: PHP 5.1.4-pl0-gentoo with Hardening-Patch 0.4.9 (cli)
(built: May 16 2006 16:51:09)
I dont think It matters having Hardening Patch.
I have used the following code to test:
<?php
/*bug: 37285*/
try
{
$pdo = new
PDO('pgsql:dbname=iss-callmanager;user=postgres;password=voip123admin;host=localhost');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
/* the following statement have SQL error, no space between SET
value and WHERE clause */
$statement = $pdo->prepare('UPDATE patterns SET pattern_name =
:pattern_nameWHERE pattern_id = :pattern_id');
$pattern_name = 'SIP Internas';
$pattern_id = 4;
$values = array(':pattern_name' => $pattern_name,
':pattern_id' => $pattern_id);
$result = $statement->execute($values);
var_dump($result);
var_dump($statement->errorInfo());
}
catch ( PDOException $error )
{
echo $error->getMessage() . "\n";
}
?>
I was expecting an exception, or the query executed successfully,
nothing happens. I have noticed that postgresql executes the query
correctly If I put the literal query in the command line, no matter
that no space exists between the SET value and the starting of the
WHERE clause.
Previous Comments:
------------------------------------------------------------------------
[2006-05-04 15:57:02] smlerman at gmail dot com
Well, I found the problem with my code.
$stmt->bindValue(':something', $some_array, PDO::PARAM_INT);
Obviously, trying to bind an array as an integer doesn't work too well.
Some type of error message/exception would be nice to see though.
------------------------------------------------------------------------
[2006-05-04 14:59:14] smlerman at gmail dot com
5.1.2 using MySQL.
This also appears to be a problem with prepared queries.
$stmt->execute() returns false, but no exception is raised. Both
$db->errorInfo() and $stmt->errorInfo() show no error (code '00000').
The database log shows the query being prepared, but doesn't show the
execution attempt.
$res = $stmt->execute();
echo "<pre>"; var_dump($res, $stmt->errorInfo(), $db->errorInfo());
echo "</pre>";
bool(false)
array(1) {
[0]=>
string(5) "00000"
}
array(1) {
[0]=>
string(5) "00000"
}
------------------------------------------------------------------------
[2006-05-02 21:05:00] vldi at yahoo dot com
Description:
------------
PDO does not raise the exception when SQL fails.
Config is: './configure' '--prefix=/usr/local/php5' '--with-openssl'
'--with-kerberos' '--with-zlib' '--with-bz2' '--enable-calendar'
'--with-curl' '--with-curlwrappers' '--enable-exif' '--enable-ftp'
'--with-gettext' '--with-ldap' '--with-ldap-sasl'
'--with-mssql=/usr/local/freetds' '--with-mysql' '--with-mysql-sock'
'--with-mysqli' '--with-unixODBC=/usr' '--with-pdo-mysql'
'--with-pdo-odbc=unixODBC,/usr' '--enable-sockets' '--enable-sysvmsg'
'--enable-sysvsem' '--enable-sysvshm' '--with-xsl' '--with-pear'
'--disable-cgi' '--with-apxs2=/usr/local/apache2/bin/apxs'
'--with-config-file-path=/etc/php.ini' '--enable-debug'
Reproduce code:
---------------
<html><body>
<?php
$dsn =
'DRIVER=FreeTDS;SERVERNAME=server1;DATABASE=testdb;UID=user1;';
$dbuser='foolproof';
$dbpassword='';
$dbh = null;
try {
$dbh = new PDO('odbc:'.$dsn, $dbuser, $dbpassword );
if ( ! $dbh ) {
print "<p>No DBH</p></body></html>";
die();
};
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec("
create procedure pdotest
@param_in int = null,
@param_out int output
as
set @param_out = @param_in
go
");
} catch ( PDOException $e ) {
print "<p>Failed: ".$e->getMessage()."</p></body></html>";
die();
}
?>
<p>Succedeed</p>
</body></html>
Expected result:
----------------
Expect to either see the new procedure created, or exception raised.
Actual result:
--------------
The page displays "Succeesed", yet no procedure created in the
database.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=37285&edit=1
