PHP :: Bug #45101 :: pg_send_query_params ORDER BY ignored

Bug #45101

pg_send_query_params ORDER BY ignored

Submitted:

2008-05-27 04:47 UTC

Modified:

2008-10-20 00:41 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	1 (100.0%)

From:

alan at fromorbit dot com

Assigned:

hholzgra (profile)

Status:

Not a bug

Package:

PostgreSQL related

PHP Version:

5.2.6

OS:

Linux 2.6.24.7 x64

Private report:

CVE-ID:

None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	alan at fromorbit dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2008-05-27 04:47 UTC] alan at fromorbit dot com

Description:
------------
Hi all,

I've discovered that if you use pg_send_query_params() and try and include a parameter for an 'ORDER BY' for example it's completely ignored. I've looked at the pg_trace() output and it appears to be doing the right thing. All I can assume is that the parameter is being converted to a TRUE for an ORDER BY, and so the database happily accepts 'ORDER BY 1'.



Reproduce code:
---------------
#!/opt/php/bin/php
<?php
/*
create table php_bug (id integer, name varchar(255));
insert into php_bug values (1, 'one');
insert into php_bug values (2, 'two');
insert into php_bug values (3, 'three');
insert into php_bug values (4, 'four');
insert into php_bug values (5, 'five');
 */

$conn = pg_connect('host=localhost dbname=test port=5432 user=web');

$sql = 'SELECT * FROM php_bug WHERE name LIKE $1 ORDER BY $2';
$params = array('%o%', 'doesnt_exist_and_should_be_an_sql_error');

if (! pg_connection_busy($conn)) pg_send_query_params($conn, $sql, $params);

$res = pg_get_result($conn);

while($row = pg_fetch_assoc($res))
        echo "{$row['id']} - {$row['name']}\n";

?>


Expected result:
----------------
An SQL error or an output that is ordered by the given parameter

Actual result:
--------------
1 - one
2 - two
4 - four

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-10-19 23:37 UTC] hholzgra@php.net

ORDER BY can get both a result column name or an expression as input,
in regular statements you would distinguish between a column name and a string expression by checking whether the name is in qoutes or not.

With pg_send_query_params() the situation becomes ambiguous though and the function always picks the string variant, so your statement becomes the equivalent of

  SELECT * 
  FROM php_bug 
  WHERE name LIKE '%o%' 
  ORDER BY 'doesnt_exist_and_should_be_an_sql_error';

and so sorts by a constant (string) expression.

[2008-10-20 00:41 UTC] alan at fromorbit dot com

If that's the case, how does one sort by the column name passed into the statement via the prepared values array if it always selects string?

Should this be documented?

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Oct 28 17:00:02 2025 UTC