php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #46954 pg_prepare silently truncates query name
Submitted: 2008-12-27 15:17 UTC Modified: 2009-01-02 14:55 UTC
From: thuejk at gmail dot com Assigned:
Status: Not a bug Package: PostgreSQL related
PHP Version: 5.2.8 OS: Linux
Private report: No CVE-ID: None
 [2008-12-27 15:17 UTC] thuejk at gmail dot com
Description:
------------
When using pg_prepare(string $stmtname, string $query) with a very long $stmtname, the $stmtname will be silently truncated. It would be nice if PHP emitted an E_NOTICE, as postgresql itself does:

psql=> PREPARE abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz as SELECT NOW();
NOTICE:  identifier "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz" will be truncated to "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijk"
PREPARE

Note that it is a sane idea to try to use the query itself as $stmtname (less bookkeeping), which naturally leads to trying large $stmtname's.

Reproduce code:
---------------
pg_connect(...);

pg_prepare("abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz 1", "SELECT 1");
pg_prepare("abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz 2", "SELECT 2");

Expected result:
----------------
An E_NOTICE because the name was truncated.

Actual result:
--------------
No E_NOTICE.

pg_prepare() [function.pg-prepare]: Query failed: ERROR:  prepared statement "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz 2" already exists


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-01-01 19:35 UTC] iliaa@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

The truncation is done by Postgre and the PQPrepare() function does not 
provide any indicators about truncation.
 [2009-01-02 14:37 UTC] thuejk at gmail dot com
The maximum length of the name is NAMEDATALEN-1 - see http://www.postgresql.org/docs/8.3/static/sql-syntax-lexical.html . I assume that constant is available in the postgresql include files.

Unless manually overwritten, NAMEDATALEN is 64. In the example above, the name was also truncated to length 63.

Using NAMEDATALEN, it should be trivial to manually add the warning.
 [2009-01-02 14:55 UTC] thuejk at gmail dot com
Hmm, which of course will not work since the database we are actually connecting to may have a different length compiled in. But perhaps there is a way to ask the database what its NAMEDATALEN is. (though I can't find it just now)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Dec 27 00:01:30 2024 UTC