php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #54618 bindValue always returns true
Submitted: 2011-04-28 09:06 UTC Modified: 2011-07-02 04:09 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: jakub dot lopuszanski at nasza-klasa dot pl Assigned:
Status: No Feedback Package: PDO related
PHP Version: 5.3.6 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: jakub dot lopuszanski at nasza-klasa dot pl
New email:
PHP Version: OS:

 

 [2011-04-28 09:06 UTC] jakub dot lopuszanski at nasza-klasa dot pl 
Description:
------------
even if you $pdo->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION); the function bindValue (at least with MySQL driver) will not help you detect any type errors, duplicated calls, or binding to wrong parameter.


Test script:
---------------
Bellow is a part of my PHPUnit tests that confirm this ( i guess you can figure out that getSUT, gets system under tests, that is prepares a query from PDO object connected to MySQL database):

<?php
 public function testBindValueAlwaysReturnsTrue(){
   $s = $this->getSUT("SELECT 1 FROM users WHERE id=:id");
   //this one is ok:
   $this->assertSame(true,$s->bindValue(':id',1,PDO::PARAM_INT));
   //this one is not ok at all, as '1' is not integer.
   //moreover we already bound id
   $this->assertSame(true,$s->bindValue(':id','1',PDO::PARAM_INT));
   //this is also bad to allow both :id and id
   $this->assertSame(true,$s->bindValue('id',1,PDO::PARAM_INT));
   //1 is not a string
   $this->assertSame(true,$s->bindValue('id',1,PDO::PARAM_STR));
   //'a' is not an integer
   $this->assertSame(true,$s->bindValue('id','a',PDO::PARAM_INT));
   //null is surely not an integer:
   $this->assertSame(true,$s->bindValue('id',null,PDO::PARAM_INT));
   //1 is not a null
   $this->assertSame(true,$s->bindValue('id',1,PDO::PARAM_NULL));
   //13 is not a valid type of parameter
   $this->assertSame(true,$s->bindValue(':id',1,13));
   //'atlantis' is not even mentioned in the SQL query string:
   $this->assertSame(true,$s->bindValue(':atlantis',1,PDO::PARAM_INT));
 }

?>

Expected result:
----------------
I would expect either more precise documentation which would list all cases for which bindValue returns false (I could not find any), or fixing the function, to return false in cases mentioned above.

Actual result:
--------------
function returns true whatever I do.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-05-02 07:31 UTC] frozenfire@php.net 
I passed this bug by the fine folks in ##php on Freenode, and TML mentioned that 
by providing a PDO::PARAM_* type, you're likely causing casting behaviour in the 
PHP engine.

I believe an error will only arise in the case that casting doesn't provide a 
sane value.

Do you mind doing some tests to see if errors arise for "non-sane" casting?
 [2011-05-05 08:17 UTC] jakub dot lopuszanski at nasza-klasa dot pl 
Is casting 'a' to integer sane?
 [2011-05-26 14:42 UTC] johannes@php.net 
PHP is a weakly typed language. Implicit casts happen all the time in PHP. Other erros often can't be caught until the statement is executed (either when the replacement is done with emulation, or when the data is sent to the server with native PS)
 [2011-07-02 04:09 UTC] frozenfire@php.net
-Status: Open +Status: No Feedback
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri May 03 14:01:30 2024 UTC