|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2008-02-19 15:52 UTC] uwendel at mysql dot com
Description:
------------
Parameter parsing/checking by PDO->query() should be updated to todays standards. I would like to see it be more strict and follow ideas from new code, e.g. do not accept object/arrays for scalar (int) parameter.
[1] PDO->query() -> Warning: query(): could not obtain parameters for parsing
[2] assert(PDO::FETCH_CLASS != 1); PDO->query("SELECT ...", 1, 1, 1) -> four arguments make only sense for mode = PDO::FETCH_CLASS but 1 != PDO::FETCH_CLASS, I'd expect to see a warning
[3] $mode = new stdClass();
PDO->query('SELECT ...', $mode) -> Notice + PDOStatement returned ($mode cast to 1 I guess)
[4] PDO->query('SELECT ..., 2, 3, 4, 5) --> two many arguments in any case according to http://de.php.net/manual/en/function.PDO-query.php
Reproduce code:
---------------
[1] nixnutz@ulflinux:~/php53> sapi/cli/php -r 'error_reporting(E_ALL); $pdo=new PDO("mysql:dbname=phptest;unix_socket=/tmp/mysql.sock", "root", "root"); @$pdo->exec("DROP TABLE test"); $pdo->exec("CREATE TABLE test(id INT)"); $pdo->exec("INSERT INTO test(id) VALUES (1)"); var_dump($pdo->query());'
Warning: query(): could not obtain parameters for parsing in Command line code on line 1
bool(false)
[2] nixnutz@ulflinux:~/php53> sapi/cli/php -r 'error_reporting(E_ALL); $pdo=new PDO("pgsql:host=localhost port=5432 dbname=phptest user=postgres password="); @$pdo->exec("DROP TABLE test"); $pdo->exec("CREATE TABLE test(id INT)"); $pdo->exec("INSERT INTO test(id) VALUES (1)"); $mode = new stdClass(); var_dump($pdo->query("SELECT id FROM test", 1, 1, 1));'
object(PDOStatement)#3 (1) {
["queryString"]=>
string(19) "SELECT id FROM test"
}
[2] nixnutz@ulflinux:~/php53> sapi/cli/php -r 'error_reporting(E_ALL); $pdo=new PDO("pgsql:host=localhost port=5432 dbname=phptest user=postgres password="); @$pdo->exec("DROP TABLE test"); $pdo->exec("CREATE TABLE test(id INT)"); $pdo->exec("INSERT INTO test(id) VALUES (1)"); $mode = new stdClass(); assert(PDO::FETCH_CLASS != 1); var_dump($pdo->query("SELECT id FROM test", 1, 1, 1));'
object(PDOStatement)#3 (1) {
["queryString"]=>
string(19) "SELECT id FROM test"
}
[3] nixnutz@ulflinux:~/php53> sapi/cli/php -r 'error_reporting(E_ALL); $pdo=new PDO("sqlite:/tmp/foo.db"); @$pdo->exec("DROP TABLE test"); $pdo->exec("CREATE TABLE test(id INT)"); $pdo->exec("INSERT INTO test(id) VALUES (1)"); $mode = new stdClass(); var_dump($pdo->query("SELECT id FROM test", $mode));'
Notice: Object of class stdClass could not be converted to int in Command line code on line 1
object(PDOStatement)#3 (1) {
["queryString"]=>
string(19) "SELECT id FROM test"
}
[4] nixnutz@ulflinux:~/php53> sapi/cli/php -r 'error_reporting(E_ALL); $pdo=new PDO("pgsql:host=localhost port=5432 dbname=phptest user=postgres password="); @$pdo->exec("DROP TABLE test"); $pdo->exec("CREATE TABLE test(id INT)"); $pdo->exec("INSERT INTO test(id) VALUES (1)"); $mode = new stdClass(); assert(PDO::FETCH_CLASS != 2); var_dump($pdo->query("SELECT id FROM test", 2, 3, 4, 5));'
object(PDOStatement)#3 (1) {
["queryString"]=>
string(19) "SELECT id FROM test"
}
Expected result:
----------------
Just have a closer look at the function, play with the parameter and make it be a bit stricter and throw more hints for the user.
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Apr 25 17:01:29 2024 UTC |
[5] PDO->query('SELECT ...', PDO::FETCH_INTO) -> no proper error message nixnutz@ulflinux:~/php53> sapi/cli/php -r 'error_reporting(E_ALL); $pdo=new PDO("sqlite:/tmp/foo.db"); $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); @$pdo->exec("DROP TABLE test"); $pdo->exec("CREATE TABLE test(id INT)"); $pdo->exec("INSERT INTO test(id) VALUES (1)"); var_dump($pdo->query("SELECT id FROM test", PDO::FETCH_INTO));' Warning: PDO::query(): SQLSTATE[]: <<Unknown error>> in Command line code on line 1 bool(false)[6] PDO->query("SELECT", PDO::FETCH_COLUMN) -> error message could be better nixnutz@ulflinux:~/php53> sapi/cli/php -r 'error_reporting(E_ALL); $pdo=new PDO("sqlite:/tmp/foo.db"); $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); @$pdo->exec("DROP TABLE test"); $pdo->exec("CREATE TABLE test(id INT)"); $pdo->exec("INSERT INTO test(id) VALUES (1)"); var_dump($pdo->query("SELECT id FROM test", PDO::FETCH_COLUMN));' Warning: PDO::query(): SQLSTATE[]: <<Unknown error>> in Command line code on line 1 bool(false)And a last one... [7] PDO->query('SELECT....', PDO::FETCH_CLASS) -> proper error message nixnutz@ulflinux:~/php53> sapi/cli/php -r 'error_reporting(E_ALL); $pdo=new PDO("sqlite:/tmp/foo.db"); $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); @$pdo->exec("DROP TABLE test"); $pdo->exec("CREATE TABLE test(id INT)"); $pdo->exec("INSERT INTO test(id) VALUES (1)"); var_dump($pdo->query("SELECT id FROM test", PDO::FETCH_CLASS, "unknown"));' Warning: PDO::query(): SQLSTATE[]: <<Unknown error>> in Command line code on line 1 bool(false) I have not checked other error modes of PDO. I do not know if PDO shall raise an exception for every warning it prints, if that's intended at all.