Bug #43457 prepared statement with incorrect parms doesn't throw exception
Submitted: 2007-11-29 17:41 UTC Modified: 2007-12-02 21:00 UTC
From: pookey at pookey dot co dot uk Assigned:
Status: Closed Package: PDO related
PHP Version: 5.2CVS-2007-11-29 (CVS) OS: linux
Private report: No CVE-ID:
 [2007-11-29 17:41 UTC] pookey at pookey dot co dot uk
Description:
------------
No exception is thrown when using named params to a prepared statement when you pass invalid names.

Interestingly, if the count of the params doesn't match, an exception is thrown.

Using the code below, but using sqlite instead..

  $pdo = new PDO('sqlite::memory:');

then you do get an exception

# php ./test.php

PDOException: SQLSTATE[HY000]: General error: 25 bind or column index out of range in /tmp/test.php on line 16

Call Stack:
    0.0002     103296   1. {main}() /tmp/test.php:0
    0.0014     106912   2. PDOStatement->execute() /tmp/test.php:16

I've not tested with other DBMSs.


Reproduce code:
---------------
 $ cat ./test.php
<?php

  error_reporting(E_ALL);

  $pdo = new PDO('pgsql:dbname=mmm user=mmm');
  $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

  $pdo->exec('CREATE TABLE test ( field1 varchar, field2 varchar)');

  $stmt2 = $pdo->prepare('INSERT INTO test (field1, field2) VALUES (:param1, :param2)');

  $pdo->beginTransaction();
  $ret = $stmt2->execute( array(
    ':param1'     => 'wibble',
    ':nonsense'  => 1,
  ));
  var_dump($ret);
  var_dump($stmt2->errorInfo());


Expected result:
----------------
exception thrown

Actual result:
--------------
$ ~pookey/src/php5/sapi/cli/php ./test.php
bool(false)
array(3) {
  [0]=>
  string(5) "HY093"
  [1]=>
  int(7)
  [2]=>
  string(0) ""
}
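
A defensive wrapper for the failure described in this report, as an added example that is not part of the original report or of PHP's own code: it compares the bound names against the statement's placeholders and treats a false return from execute() as an error, so a mistyped name cannot pass silently inside a transaction. Assumptions: the helper names namedPlaceholders and executeStrict are hypothetical, the placeholder regex is a simplification that does not skip string literals or comments, PHP 7 or later with pdo_sqlite is available, and sqlite::memory: is used so the script runs without a server.

```php
<?php
// Added example (not from the bug report). Helper names are hypothetical.

/** Named placeholders in a statement. Simplified: does not skip string literals or comments. */
function namedPlaceholders(string $sql): array
{
    // (?<!:) keeps PostgreSQL casts such as value::int from matching.
    preg_match_all('/(?<!:):[A-Za-z_][A-Za-z0-9_]*/', $sql, $m);
    return array_values(array_unique($m[0]));
}

/** Execute with named parameters; raise on any name mismatch or a false return. */
function executeStrict(PDOStatement $stmt, array $params): void
{
    $expected = namedPlaceholders($stmt->queryString);
    $given = [];
    foreach (array_keys($params) as $name) {
        // PDO accepts keys with or without the leading colon.
        $given[] = ':' . ltrim((string) $name, ':');
    }
    $missing = array_diff($expected, $given);
    $unknown = array_diff($given, $expected);
    if ($missing || $unknown) {
        throw new InvalidArgumentException(sprintf(
            'Parameter mismatch: missing [%s], unknown [%s]',
            implode(', ', $missing), implode(', ', $unknown)
        ));
    }
    // Fail closed even if the driver only reports failure through the return value.
    if ($stmt->execute($params) === false) {
        $info = $stmt->errorInfo();
        throw new RuntimeException('execute() failed, SQLSTATE ' . $info[0]);
    }
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE test (field1 varchar, field2 varchar)');
$stmt = $pdo->prepare('INSERT INTO test (field1, field2) VALUES (:param1, :param2)');

try {
    executeStrict($stmt, [':param1' => 'wibble', ':nonsense' => 1]); // the report's parameters
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
executeStrict($stmt, [':param1' => 'wibble', ':param2' => 'wobble']);
echo $pdo->query('SELECT COUNT(*) FROM test')->fetchColumn(), " row inserted\n";
```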


 [2007-11-30 01:54 UTC] pookey at pookey dot co dot uk
moving to PDO related from Postgres related.
 [2007-12-02 21:00 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 