|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54551 pdo_mysql_stmt_get_col() converts DB integer to string
Submitted: 2011-04-17 19:22 UTC Modified: 2011-04-17 22:20 UTC
From: php_nospam at ramihyn dot sytes dot net Assigned:
Status: Not a bug Package: MySQL related
PHP Version: Irrelevant OS: Any
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: php_nospam at ramihyn dot sytes dot net
New email:
PHP Version: OS:


 [2011-04-17 19:22 UTC] php_nospam at ramihyn dot sytes dot net
pdo_mysql_stmt_get_col() returns a string instead of an integer obtained from the database. This happens with the pdo_mysql extension included in the PHP download section as well as on my Ubuntu box.

Looking at mysql_statement.c from the pdo_mysql source shows, that it returns a ZVAL reference instead of a string when compiled with mysqlnd, so if i may ask: why isnt it the default to compile with mysqlnd?

Test script:
$mysql = new PDO('mysql:host=localhost;dbname=test', 'root', '');
$mysql->setAttribute(PDO::ATTR_STRINGIFY_FETCHES, false);

var_dump($mysql->query('SELECT 42')->fetch(PDO::FETCH_NUM));

Expected result:
array(1) {

Actual result:
array(1) {
  string(2) "42"


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2011-04-17 20:36 UTC]
The issue actually is that PDO by default uses emulation of prepared statements. Only native prepared statements use the binary protocol which keeps the proper types.
 [2011-04-17 20:36 UTC]
-Status: Open +Status: Bogus
 [2011-04-17 20:36 UTC]
 [2011-04-17 22:05 UTC] php_nospam at ramihyn dot sytes dot net
Yeah well, its a bug that pdo/pdo_mysql have for at least 3 years now. was set to Bogus claiming it was not a PDO core bug.

So you're trying to tell me its irrelevant that PHP's next generation database interface cant event transport an int(11) from database to a variable without converting it to a string?

As mysql_fetch_assoc() handles integers correctly by not converting them to a string, it really shouldnt be that hard for pdo_mysql to do the same.
 [2011-04-17 22:20 UTC] php_nospam at ramihyn dot sytes dot net
This misbehaviour effectively renders pdo_mysql useless since 3 years, and using the functions from the mysql extension is more likely vulnerable to sql injection attacks.

Stating this is Bogus or Irrelevant doesnt sound much like a solution making php and php applications more secure.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Jul 16 20:01:29 2024 UTC