PHP :: Bug #54551 :: pdo_mysql_stmt_get_col() converts DB integer to string

Bug #54551	pdo_mysql_stmt_get_col() converts DB integer to string
Submitted:	2011-04-17 19:22 UTC	Modified:	2011-04-17 22:20 UTC
From:	php_nospam at ramihyn dot sytes dot net	Assigned:
Status:	Not a bug	Package:	MySQL related
PHP Version:	Irrelevant	OS:	Any
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !

Your email address: MUST BE VALID
Solve the problem: 24 - 15 = ?
Subscribe to this entry?

[2011-04-17 19:22 UTC] php_nospam at ramihyn dot sytes dot net

Description:
------------
pdo_mysql_stmt_get_col() returns a string instead of an integer obtained from the database. This happens with the pdo_mysql extension included in the PHP download section as well as on my Ubuntu box.

Looking at mysql_statement.c from the pdo_mysql source shows, that it returns a ZVAL reference instead of a string when compiled with mysqlnd, so if i may ask: why isnt it the default to compile with mysqlnd?


Test script:
---------------
<?php
$mysql = new PDO('mysql:host=localhost;dbname=test', 'root', '');
$mysql->setAttribute(PDO::ATTR_STRINGIFY_FETCHES, false);

var_dump($mysql->query('SELECT 42')->fetch(PDO::FETCH_NUM));
?>



Expected result:
----------------
array(1) {
  [0]=>
  int(42)
}


Actual result:
--------------
array(1) {
  [0]=>
  string(2) "42"
}

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-04-17 20:36 UTC] johannes@php.net

The issue actually is that PDO by default uses emulation of prepared statements. Only native prepared statements use the binary protocol which keeps the proper types.

[2011-04-17 20:36 UTC] johannes@php.net

-Status: Open +Status: Bogus

[2011-04-17 20:36 UTC] johannes@php.net

[2011-04-17 22:05 UTC] php_nospam at ramihyn dot sytes dot net

Yeah well, its a bug that pdo/pdo_mysql have for at least 3 years now.
http://bugs.php.net/bug.php?id=44341 was set to Bogus claiming it was not a PDO core bug.

So you're trying to tell me its irrelevant that PHP's next generation database interface cant event transport an int(11) from database to a variable without converting it to a string?

As mysql_fetch_assoc() handles integers correctly by not converting them to a string, it really shouldnt be that hard for pdo_mysql to do the same.

[2011-04-17 22:20 UTC] php_nospam at ramihyn dot sytes dot net

This misbehaviour effectively renders pdo_mysql useless since 3 years, and using the functions from the mysql extension is more likely vulnerable to sql injection attacks.

Stating this is Bogus or Irrelevant doesnt sound much like a solution making php and php applications more secure.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Apr 16 20:01:31 2024 UTC