Bug #47977 bindParam, current(), next()
Submitted: 2009-04-16 00:22 UTC
Modified: 2009-09-29 20:47 UTC
From: fhgvbrdyftgjhgtfr at gazeta dot pl
Assigned:
Status: Not a bug
Package: PDO related
PHP Version: 5.2.9
OS: Unix
Private report: No
CVE-ID: None
 [2009-04-16 00:22 UTC] fhgvbrdyftgjhgtfr at gazeta dot pl
Description:
------------
bindParam doesn't work with vars returned by current(), next()

Reproduce code:
---------------
<?php
$array = array_diff($array2, array_keys($array3));
reset($array);
$size = count($array);
$in = '?';
for($i = 1; $i < $size; ++$i) $in .= ', ?';
$stmt = $db->prepare('SELECT `name` FROM `table` WHERE `language` = ? AND `code` IN('.$in.')');
$stmt->bindValue(1, 'en', PDO::PARAM_STR, 2);
$i = 1;
$element = current($array);
do {
	$stmt->bindParam(++$i, $element, PDO::PARAM_STR, 2);
} while(($element = next($array)) !== false);

Expected result:
----------------
SELECT `name` FROM `table` WHERE `language` = 'en' AND `code` IN('us', 'gb', 'nz')

Actual result:
--------------
SELECT `name` FROM `table` WHERE `language` = 'en' AND `code` IN('0', '0', '0')

When I change
$stmt->bindParam(++$i, $element, PDO::PARAM_STR, 2);
to
$stmt->bindValue(++$i, $element, PDO::PARAM_STR, 2);
I get:
SELECT `name` FROM `table` WHERE `language` = 'en' AND `code` IN('us', 'gb', 'nz')

 [2009-04-30 10:47 UTC] jani@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


 [2009-05-08 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2009-05-16 01:20 UTC] fhgvbrdyftgjhgtfr at gazeta dot pl
<?php
$db = new PDO('mysql:dbname=test;host=localhost', 'root', '');
$array2 = array('gb', 'us', 'nz', 'fr', 'de');
$array3 = array('fr'=>true, 'de'=>true);
$array = array_diff($array2, array_keys($array3));
reset($array);
$size = count($array);
$in = '?';
for($i = 1; $i < $size; ++$i) $in .= ', ?';
$stmt = $db->prepare('SELECT `name` FROM `table` WHERE `language` = ?
AND `code` IN('.$in.')');
$stmt->bindValue(1, 'en', PDO::PARAM_STR);
$i = 1;
$element = current($array);
do {
	$stmt->bindParam(++$i, $element, PDO::PARAM_STR);
} while(($element = next($array)) !== false);
$stmt->execute();
var_dump($stmt->fetchAll());
?>
-----------------
expected result:
array(3) {
  [0]=>
  array(2) {
    ["name"]=>
    string(4) "test"
    [0]=>
    string(4) "test"
  }
  [1]=>
  array(2) {
    ["name"]=>
    string(4) "test"
    [0]=>
    string(4) "test"
  }
  [2]=>
  array(2) {
    ["name"]=>
    string(4) "test"
    [0]=>
    string(4) "test"
  }
}
--------------------
actual result:
array(0) {
}
--------------------
db:
CREATE TABLE IF NOT EXISTS `table` (
  `name` varchar(45) NOT NULL,
  `language` enum('en','fr') NOT NULL,
  `code` char(2) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=utf8;


INSERT INTO `table` (`name`, `language`, `code`) VALUES
('test', 'en', 'gb'),
('test', 'en', 'nz'),
('test', 'en', 'us'),
('test', 'en', 'cz');
 [2009-08-25 17:52 UTC] sjoerd@php.net
Thank you for your bug report.

Although you supplied code to reproduce the problem, it is more complicated and longer than necessary. Please supply a short, complete and understandable piece of code to reproduce the problem. This is to make sure the problem is with PHP and not with the example.
 [2009-09-02 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2009-09-27 19:54 UTC] fhgvbrdyftgjhgtfr at gazeta dot pl
<?php
$db = new PDO('mysql:dbname=test;host=localhost', 'root', '');
$array2 = array('fr', 'gb', 'de');
$array3 = array('de'=>true);
$array = array_diff($array2, array_keys($array3));
reset($array);
$stmt = $db->prepare('SELECT `name` FROM `table` WHERE `language` = ? AND `code` IN(?, ?)');
$stmt->bindValue(1, 'en', PDO::PARAM_STR);
$element = current($array);
$stmt->bindParam(2, $element, PDO::PARAM_STR);
$element = next($array);
$stmt->bindParam(3, $element, PDO::PARAM_STR);
$stmt->execute();
var_dump($stmt->fetchAll());
?>
---------------
actual result:
array(1) {
  [0]=>
  array(2) {
    ["name"]=>
    string(4) "test"
    [0]=>
    string(4) "test"
  }
}
---------------
expected result:
array(2) {
  [0]=>
  array(2) {
    ["name"]=>
    string(4) "test"
    [0]=>
    string(4) "test"
  }
  [1]=>
  array(2) {
    ["name"]=>
    string(4) "test"
    [0]=>
    string(4) "test"
  }
}
---------------
db:
CREATE TABLE `table` (
  `name` varchar(45) NOT NULL,
  `language` enum('en','fr') NOT NULL,
  `code` char(2) NOT NULL
);
INSERT INTO `table` (`name`, `language`, `code`) VALUES
('test', 'en', 'fr'),
('test', 'en', 'gb');
---------------
If you change

$stmt->bindParam(2, $element, PDO::PARAM_STR);
for
$stmt->bindValue(2, $element, PDO::PARAM_STR);

AND

$stmt->bindParam(3, $element, PDO::PARAM_STR);
for
$stmt->bindValue(3, $element, PDO::PARAM_STR);

you will receive the expected result

I can't write it easier, so deal with it or just delete this report.
 [2009-09-29 20:47 UTC] uw@php.net
"Binds a PHP variable to a corresponding named or question mark placeholder in the SQL statement that was used to prepare the statement. Unlike PDOStatement::bindValue(), the variable is bound as a reference and will only be evaluated at the time that PDOStatement::execute() is called.", http://de2.php.net/manual/en/pdostatement.bindparam.php

At the time that you call PDOStatement::execute() you have overwritten the bound variable's value ($element) multiple times. PDO does exactly what is documented: it uses the last value of $element.

Workaround: use bindValue() instead of bindParam().
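
Added example (not part of the original report or of PHP's own code): the three binding patterns side by side for a parameterized IN() list, showing that bindParam() reads the variable at execute() time while bindValue() copies it at bind time. It assumes the pdo_sqlite extension; the table t, its rows and the helper names() are constructed for illustration.

```php
<?php
// Added example, not from the report. Table and rows are constructed;
// assumes the pdo_sqlite extension is available.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE t (name TEXT, language TEXT, code TEXT)");
$db->exec("INSERT INTO t VALUES ('France','en','fr'), ('Britain','en','gb'), ('Germany','en','de')");

$codes = array('fr', 'gb');
// One placeholder per list element, so the values never enter the SQL text.
$in  = implode(', ', array_fill(0, count($codes), '?'));
$sql = "SELECT name FROM t WHERE language = ? AND code IN ($in) ORDER BY name";

// Hypothetical helper: execute the statement and return the name column.
function names(PDOStatement $stmt) {
    $stmt->execute();
    return implode(',', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

// 1. bindParam() with one reused variable: every placeholder holds a
//    reference to $element, so execute() sees only its final value.
$stmt = $db->prepare($sql);
$stmt->bindValue(1, 'en', PDO::PARAM_STR);
$i = 1;
foreach ($codes as $element) {
    $stmt->bindParam(++$i, $element, PDO::PARAM_STR);
}
echo "bindParam, shared variable: ", names($stmt), "\n";

// 2. bindValue() copies the value at bind time, so reusing $element is safe.
$stmt = $db->prepare($sql);
$stmt->bindValue(1, 'en', PDO::PARAM_STR);
$i = 1;
foreach ($codes as $element) {
    $stmt->bindValue(++$i, $element, PDO::PARAM_STR);
}
echo "bindValue: ", names($stmt), "\n";

// 3. bindParam() on distinct array slots gives each placeholder its own
//    variable, but the binding stays live until execute() is called.
$stmt = $db->prepare($sql);
$stmt->bindValue(1, 'en', PDO::PARAM_STR);
foreach (array_keys($codes) as $k) {
    $stmt->bindParam($k + 2, $codes[$k], PDO::PARAM_STR);
}
$codes[0] = 'de'; // changed after binding, before execute(): the query uses 'de'
echo "bindParam, distinct slots: ", names($stmt), "\n";
```

Case 3 is the one to watch in review: any code that modifies a bound variable between bindParam() and execute() changes what the query filters on.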




 
Last updated: Sun Apr 11 20:01:27 2021 UTC