PHP :: Bug #41639 :: odbc_execute fails with parameters

Bug #41639

odbc_execute fails with parameters

Submitted:

2007-06-08 18:08 UTC

Modified:

2007-07-19 01:00 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

cody dot stockwell at qsicorp dot com

Assigned:

kalowsky (profile)

Status:

No Feedback

Package:

ODBC related

PHP Version:

4.4.7

OS:

Red Hat 4 ES

Private report:

CVE-ID:

None

View Developer Edit

[2007-06-08 18:08 UTC] cody dot stockwell at qsicorp dot com

Description:
------------
The script works fine when talking to Apache(WinXP)/PHP5/DNS [SQL Server]/MS SQL Express 2005,
but when I try to get it to run on Apache (Linux)/PHP4/[unixODBC/FreeTDS]/MS SQL Express 2005 I get an error from PHP.

If I place variables into the odbc_prepare() statement directly it works fine, but for some reason refuses to replace the '?' parameter in odbc_execute(). Obviously that would negate the security advantage of using odbc_prepare().

So it appears to be a bug in PHP4, but unfortunately the boss is hesitant to install PHP5 or any new version for fear of breaking everything.

Reproduce code:
---------------
<?php
$dsn = "SQLExpress";
$dbuser = "sa";
$dbpass = "mypass";
$dbname = "mydb";

$connect = odbc_connect($dsn, $dbuser, $dbpass);
odbc_exec($connect, "use " . $dbname) or die("Failed to connect to database.");

$query = odbc_prepare($connect, "SELECT FIRST_NAME, MIDDLE_INITIAL, LAST_NAME FROM mytable WHERE LAST_NAME = ?");
odbc_execute($query, array("Smith"));

echo odbc_result_all($query);
?>


Expected result:
----------------
FIRST_NAME	MIDDLE_INITIAL	LAST_NAME
Joseph	C	Smith
Travis	M	Smith
2

Actual result:
--------------
Warning: odbc_execute(): SQL error: <&#65533;tH&#65533; I&#65533;&#65533;5, SQL state 00000 in SQLExecute in /var/www/html/v_contact.php on line 11

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2007-07-11 13:00 UTC] jani@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows (zip):
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

For Windows (installer):

  http://snaps.php.net/win32/php5.2-win32-installer-latest.msi

If the bug exists in PHP 5.2 snapshot, update the version to "5CVS, 4CVS (yyyy-mm-dd)

[2007-07-19 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri May 09 08:01:35 2025 UTC