php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #64937 Unable to run firebird "execute block", containing :xxxx
Submitted: 2013-05-28 13:36 UTC Modified: 2017-10-24 06:45 UTC
Votes:6
Avg. Score:4.3 ± 0.9
Reproduced:5 of 5 (100.0%)
Same Version:1 (20.0%)
Same OS:1 (20.0%)
From: slavb18 at gmail dot com Assigned:
Status: Closed Package: PDO Firebird
PHP Version: 5.4.15 OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: slavb18 at gmail dot com
New email:
PHP Version: OS:

 

 [2013-05-28 13:36 UTC] slavb18 at gmail dot com
Description:
------------
Unable to run firebird unparametrized "execute block", containing :xxxx

if query contains string like ":xxxx", pdo->query shows error

SQLSTATE[HY000]: General error: -901 Dynamic SQL Error SQL error code = -901 undefined message number


if I remove "where 1=:test", then execute block works


And, also I cannot prepare and execute "paramerized" execute block if it contains :xxxxx

Execute Block
(
test integer=:test
)
Returns(
 result  varchar(100)
)
as
Begin
 select 'test' from rdb$database where 1=:test
 into result;
 Suspend;
End


I think solution is to ignore any parameters (:xxx) after Begin keyword
in case of firebird

Test script:
---------------
$q="Execute Block
Returns(
 result  varchar(100)
)
as
declare variable test integer=1;
Begin
 select 'test' from rdb\$database where 1=:test
 into result;
 Suspend;
End
";
$sth=$pdo->query($q);
$row=$sth->fetch(PDO::FETCH_ASSOC);


Expected result:
----------------
Array
(
    [RESULT] => test
)

Actual result:
--------------
SQLSTATE[HY000]: General error: -901 Dynamic SQL Error SQL error code = -901 undefined message number


Patches

php5-bug64937.patch (last revision 2013-05-30 14:50 UTC by slavb18 at gmail dot com)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-05-28 13:52 UTC] slavb18 at gmail dot com
don't know if it helps, but this is working example with parametrized execute block with ibase_XXX functions

$conn=ibase_connect($base, $user,$pass);

$q="Execute Block
(
test integer=?
)
Returns(
 result  varchar(100)
)
as
Begin
 select 'test' from rdb\$database where 1=:test into result;
 Suspend;
End
";
$qu= ibase_prepare($conn,$q);
$r_sql = ibase_execute($qu,1);
$row=ibase_fetch_assoc($r_sql);
print_r($row);
 [2014-01-01 12:32 UTC] felipe@php.net
-Package: PDO related +Package: PDO Firebird
 [2014-04-08 11:19 UTC] mariuz@php.net
-Assigned To: +Assigned To: mariuz
 [2017-10-24 06:45 UTC] kalle@php.net
-Status: Assigned +Status: Open -Assigned To: mariuz +Assigned To:
 [2017-12-04 11:03 UTC] valentin at microtec dot fr
Never fix ?
 [2017-12-14 13:22 UTC] funtech dot n at gmail dot com
Parameter parser in the driver is very simple, and can be tricked by quote symbol inside a comment:

$q="Execute Block
Returns(
 result  varchar(100)
)
as
declare variable test integer=1;
Begin
 /*'*/
 select 'test' from rdb\$database where 1=:test
 into result;
 Suspend;
End
";
$sth=$pdo->query($q);
$row=$sth->fetch(PDO::FETCH_ASSOC);
 [2019-11-26 19:51 UTC] sim-mail at list dot ru
I wrote a patch to solve these problems. The SQL preprocessing code has been ported from Firebird to handle EXECUTE STATEMENT. Both EXECUTE BLOCK work with parameters and skipping parameter markers in comments have been resolved.

https://github.com/php/php-src/pull/4920

Unfortunately, there are no people who can check my code.
 [2020-09-24 22:08 UTC] cmb@php.net
Automatic comment on behalf of sim-mail@list.ru
Revision: http://git.php.net/?p=php-src.git;a=commit;h=17a789e27c31ca13ba4bab6fcfc265d2dd0589a2
Log: Fix #64937: Firebird PDO preprocessing sql
 [2020-09-24 22:08 UTC] cmb@php.net
-Status: Open +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Nov 23 10:01:28 2024 UTC