php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #54551 pdo_mysql_stmt_get_col() converts DB integer to string
Submitted: 2011-04-17 19:22 UTC Modified: 2011-04-17 22:20 UTC
From: php_nospam at ramihyn dot sytes dot net Assigned:
Status: Not a bug Package: MySQL related
PHP Version: Irrelevant OS: Any
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: php_nospam at ramihyn dot sytes dot net
New email:
PHP Version: OS:

 

 [2011-04-17 19:22 UTC] php_nospam at ramihyn dot sytes dot net 
Description:
------------
pdo_mysql_stmt_get_col() returns a string instead of an integer obtained from the database. This happens with the pdo_mysql extension included in the PHP download section as well as on my Ubuntu box.

Looking at mysql_statement.c from the pdo_mysql source shows, that it returns a ZVAL reference instead of a string when compiled with mysqlnd, so if i may ask: why isnt it the default to compile with mysqlnd?


Test script:
---------------
<?php
$mysql = new PDO('mysql:host=localhost;dbname=test', 'root', '');
$mysql->setAttribute(PDO::ATTR_STRINGIFY_FETCHES, false);

var_dump($mysql->query('SELECT 42')->fetch(PDO::FETCH_NUM));
?>



Expected result:
----------------
array(1) {
  [0]=>
  int(42)
}


Actual result:
--------------
array(1) {
  [0]=>
  string(2) "42"
}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-04-17 20:36 UTC] johannes@php.net 
The issue actually is that PDO by default uses emulation of prepared statements. Only native prepared statements use the binary protocol which keeps the proper types.
 [2011-04-17 20:36 UTC] johannes@php.net
-Status: Open +Status: Bogus
 [2011-04-17 20:36 UTC] johannes@php.net 
.
 [2011-04-17 22:05 UTC] php_nospam at ramihyn dot sytes dot net 
Yeah well, its a bug that pdo/pdo_mysql have for at least 3 years now.
http://bugs.php.net/bug.php?id=44341 was set to Bogus claiming it was not a PDO core bug.

So you're trying to tell me its irrelevant that PHP's next generation database interface cant event transport an int(11) from database to a variable without converting it to a string?

As mysql_fetch_assoc() handles integers correctly by not converting them to a string, it really shouldnt be that hard for pdo_mysql to do the same.
 [2011-04-17 22:20 UTC] php_nospam at ramihyn dot sytes dot net 
This misbehaviour effectively renders pdo_mysql useless since 3 years, and using the functions from the mysql extension is more likely vulnerable to sql injection attacks.

Stating this is Bogus or Irrelevant doesnt sound much like a solution making php and php applications more secure.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun Dec 22 02:01:28 2024 UTC