|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #44189 PDO::setAttribute(PDO::ATTR_ERRMODE, <bogus>) parameter checks
Submitted: 2008-02-20 18:16 UTC Modified: 2008-02-21 13:38 UTC
From: uwendel at mysql dot com Assigned:
Status: Closed Package: PDO related
PHP Version: 5.3CVS-2008-02-20 (CVS) OS: Linux
Private report: No CVE-ID: None
 [2008-02-20 18:16 UTC] uwendel at mysql dot com
Question: is there consensus that PDO should use stricter parameter checking. By that I mean primarily that PDO functions follow the "modern" style of bailing out if you pass a non-scalar value parameter which expect a scalar?

[1] Like this:

 $tmp = array()
 PDO->setAttribute(PDO::ATTR_ERRMODE, $tmp)

If everybody agrees, Andrey or Johannes can fix this and similar minor flaws as we continue with the PDO_MYSQLND development. I guess there's a good number of similar flaws.

[2] Related, what about this one:

  $tmp = new stdClass()
  PDO->setAttribute(PDO::ATTR_ERRMODE, $tmp)

Reproduce code:
[1] nixnutz@ulflinux:~/php53> sapi/cli/php -r '$pdo=new PDO("sqlite:/tmp/foo.db"); $tmp = array(); var_dump($pdo->setAttribute(PDO::ATTR_ERRMODE, $tmp));'

[2] nixnutz@ulflinux:~/php53> sapi/cli/php -r '$pdo=new PDO("sqlite:/tmp/foo.db"); $tmp = new stdClass(); var_dump($pdo->setAttribute(PDO::ATTR_ERRMODE, $tmp));'
(may print a notice about the implicit casting)

Expected result:
Warning or similar + bool(false)


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2008-02-20 18:46 UTC] uwendel at mysql dot com
PDO->setAttribute(PDO::ATTR_ORACLE_NULLS, <bogus>)

Same story. As said, we can fix those tiny things as we go, if there's consensus to change it.
 [2008-02-21 13:38 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

In some cases the attribute value cannot be filtered against a white 
list, so any value will do. If there is an option to filter invalid 
params by the driver (which knows about allowable values) it should be 
done. But filtering of attribute values (the ones relating to the 
driver) should be done by the driver.

I've applied checks for some of the native options just now.
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Fri Apr 26 07:01:25 2019 UTC