PHP :: Bug #46954 :: pg_prepare silently truncates query name

Bug #46954	pg_prepare silently truncates query name
Submitted:	2008-12-27 15:17 UTC	Modified:	2009-01-02 14:55 UTC
From:	thuejk at gmail dot com	Assigned:
Status:	Not a bug	Package:	PostgreSQL related
PHP Version:	5.2.8	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

[2008-12-27 15:17 UTC] thuejk at gmail dot com

Description:
------------
When using pg_prepare(string $stmtname, string $query) with a very long $stmtname, the $stmtname will be silently truncated. It would be nice if PHP emitted an E_NOTICE, as postgresql itself does:

psql=> PREPARE abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz as SELECT NOW();
NOTICE:  identifier "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz" will be truncated to "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijk"
PREPARE

Note that it is a sane idea to try to use the query itself as $stmtname (less bookkeeping), which naturally leads to trying large $stmtname's.

Reproduce code:
---------------
pg_connect(...);

pg_prepare("abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz 1", "SELECT 1");
pg_prepare("abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz 2", "SELECT 2");

Expected result:
----------------
An E_NOTICE because the name was truncated.

Actual result:
--------------
No E_NOTICE.

pg_prepare() [function.pg-prepare]: Query failed: ERROR:  prepared statement "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz 2" already exists

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-01-01 19:35 UTC] iliaa@php.net

Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

The truncation is done by Postgre and the PQPrepare() function does not 
provide any indicators about truncation.

[2009-01-02 14:37 UTC] thuejk at gmail dot com

The maximum length of the name is NAMEDATALEN-1 - see http://www.postgresql.org/docs/8.3/static/sql-syntax-lexical.html . I assume that constant is available in the postgresql include files.

Unless manually overwritten, NAMEDATALEN is 64. In the example above, the name was also truncated to length 63.

Using NAMEDATALEN, it should be trivial to manually add the warning.

[2009-01-02 14:55 UTC] thuejk at gmail dot com

Hmm, which of course will not work since the database we are actually connecting to may have a different length compiled in. But perhaps there is a way to ask the database what its NAMEDATALEN is. (though I can't find it just now)

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Mar 27 17:01:30 2025 UTC