|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #45373 php crash on query with errors in params
Submitted: 2008-06-27 06:36 UTC Modified: 2008-10-06 15:09 UTC
From: max_wer at ukr dot net Assigned: felipe
Status: Closed Package: InterBase related
PHP Version: 5.2.6 OS: Windows XP SP2
Private report: No CVE-ID:
 [2008-06-27 06:36 UTC] max_wer at ukr dot net
php crash
  count(params in ibase_execute()) > count(params in SQL-string) and
  query-type is not SELECT

Reproduce code:
$db  = ibase_connect('','sysdba','masterkey');
$sql = 
"update country set   currency = ? where country  = ? returning country, currency";/**/
/*"select * from  country where country = ? and currency = ?"; /**/

$t   = ibase_trans(IBASE_WRITE);
$q   = ibase_prepare($db,$t,$sql);
$r   = ibase_execute($q,'USA','Dollar'/*!!!With three param SELECT-OK UPDATE-CRASH*/ ,0/**/);


Expected result:
must be error message


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2008-07-01 06:27 UTC] lester at lsces dot co dot uk
I can confirm this is happening, but I also get a crash with the select rather than just update.
Unable to modify the SQL 'NOT' to give a crash - which is what I would probably expect since only the number of parameters matter not how they are used.
Firebird 2.0 and PHP5.2.5
 [2008-07-01 09:24 UTC] max_wer at ukr dot net
I beg pardon. I was, probably, inattentive. SELECT query PHP crash too.
PHP 5.2.6 FIREBIRD 2.1.0
 [2008-10-04 22:54 UTC]
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read for *NIX and for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

 [2008-10-06 08:35 UTC] max_wer at ukr dot net

 [2008-10-06 15:09 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

Fixed in 5.2, 5.3 and HEAD.
PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Sun Nov 29 01:01:35 2015 UTC