|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #44895 Passing XML as a parameter to a stored procedure, causes syntax error.
Submitted: 2008-05-02 17:17 UTC Modified: 2008-11-29 00:51 UTC
Avg. Score:3.8 ± 0.8
Reproduced:3 of 3 (100.0%)
Same Version:3 (100.0%)
Same OS:2 (66.7%)
From: jrichardson at whisolutions dot com Assigned:
Status: Not a bug Package: MSSQL related
PHP Version: 5.2.6 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: jrichardson at whisolutions dot com
New email:
PHP Version: OS:


 [2008-05-02 17:17 UTC] jrichardson at whisolutions dot com
When passing XML as a parameter to a stored procedure; the mssql_query call now interrupts the "/" as a special character and produces a syntax error. If the slashes are removed from the XML the SP executes, but the XML parser inside the procedure will not be able to handle it.

The same query will execute and return the proper results when executed from PHP5 or from mssql server directly.

Reproduce code:
$sSQL = "exec any_store_procedure NULL, NULL, '<status><id>5</id><id>6</id><id>8</id></status>', NULL, '01/01/2008', '04/29/2008', 25, 1";
$rc = mssql_query($sSQL,$Link_ID);
$returnedrows = mssql_num_rows($rc);

Expected result:
Depends on the Stored Procedure. But this will causes a syntax error. When running the same query in PHP4 or directly in mssql, it returns a result.

Actual result:
Warning: mssql_query() [function.mssql-query]: message: Line 3: Incorrect syntax near ','. (severity 15) in


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2008-11-29 00:51 UTC]
I'm not sure whenever this should be fixed on a php level, however as far I remember then MSSQL had an escape syntax like:

SELECT col1_name FROM table1 WHERE col2_name LIKE '\/' {escape '\'}

same syntax should apply to stored procedures. I'm marking this as bogus as I still don't think its a php level bug, but rather an SQL syntax issue :)
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Apr 20 04:01:28 2024 UTC