php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #4200 OCIBindByName is unable to bind strings of Zero Length
Submitted: 2000-04-20 11:59 UTC Modified: 2006-07-17 08:08 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: jnield at impole dot com Assigned:
Status: Closed Package: OCI8 related
PHP Version: 4.0 Release Candidate 1 OS: Linux 2.2.5 (Redhat 6.1+Patches)
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: jnield at impole dot com
New email:
PHP Version: OS:

 

 [2000-04-20 11:59 UTC] jnield at impole dot com
When using OCIBindByName, strings of zero length can't be bound. This is a
major problem for me because I use bind-variables for input from
the user, to prevent the input from being interpreted as SQL.

It must be possible to insert a string of zero length. Whether that is treated as NULL
or not should be left to the database if possible.

It seems that this change between 3.1.14 and 4.0 RC1 occurred because strings 
are now being passed to the OCI C library's OCIBindByName() as type SQLT_CHR 
instead of SQLT_STR. OCIBindByName() does not seem to accept a value of 0 for 
'value_sz' when the type is SQLT_CHR, and there is no '\0' at the end of the
string to look for.

Let me know if there's anything I can do to help. This is preventing us
from really testing RC1.

/* EXAMPLE SCRIPT 1 (assume $conn is an open connection) */
$val = "";

$stmt = OCIParse($conn, "select ''||:v_bind||'' from dual");
OCIBindByName($stmt, ":v_bind", &$val, -1);   /* comes from  ->value.str.len */
   /*** RESULT: Warning bindlength == 0 (Correct behaviour as in 3.1.14) */
OCIExecute($stmt);
   /*** RESULT: ORA-01008 not all variables bound (problem...) */
OCIFreeStatement($stmt);

/* EXAMPLE SCRIPT 2 */
$stmt = OCIParse($conn, "select ''||:v_bind||'' from dual");
OCIBindByName($stmt, ":v_bind", &$val, 0); /* Explicitly of zero length */
    /*** RESULT: ORA-01009: missing mandatory parameter */
OCIExecute($stmt);
    /*** RESULT: ORA-01008: not all variables bound */
OCIFreeStatement($stmt);

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-05-13 08:00 UTC] thies at cvs dot php dot net
fixed some time ago
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 22 01:01:30 2024 UTC