php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #58522 Segfault when preparing a value in a like clause
Submitted: 2009-01-27 12:34 UTC Modified: 2009-03-06 03:51 UTC
From: tom at advancedatatools dot com Assigned:
Status: Open Package: PDO_INFORMIX (PECL)
PHP Version: 5.2.5 OS: Linux (Opensuse)
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2009-01-27 12:34 UTC] tom at advancedatatools dot com
Description:
------------
When using a prepared statement with a like clause with '%?%' the pdo driver segfaults. This should either work or throw an error.

Using it in the syntax of "fname like ?" and having the variable be "%Lud%" works as intended. This is minor but it should not be crashing.

Reproduce code:
---------------
<?

putenv("INFORMIXDIR=/opt/informix");
putenv("INFORMIXSERVER=llama");
$dbh = new PDO("informix:host=server; service=1516; database=stores_demo; server=server; protocol=onsoctcp;EnableScrollableCursors=1", "informix", "password");
$sqlline = "select fname from customer where fname like '%?%'";
$val = "Lud";
$sth = $dbh->prepare($sqlline);
$sth->execute(array($val));
$row = $sth->fetch();
print_r($row);


Expected result:
----------------
Array
(
    [FNAME] => Ludwig
    [0] => Ludwig
)


Actual result:
--------------
llama:/www/fht # php test.php
Segmentation fault


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-01-28 03:47 UTC] abhargav at in dot ibm dot com
Hi,

Thanks for reporting this. I am able to reproduce this problem. 

Regards,
Ambrish Bhargava
 [2009-03-06 03:51 UTC] abhargav at in dot ibm dot com
Hi,

The sample that you have provided is throwing SegV (I am working on this). But ideally the correct usage is as follows:

Right now you are doing:
>>>
$sqlline = "select fname from customer where fname like '%?%'";
$val = "Lud";
<<<

The modified way to do the same is as:
>>>
$sqlline = "select fname from customer where fname like ?";
$val = "%Lud%";
<<<

Please try above method and you will get expected results. At the same time I am also working on this SegV.

Regards,
Ambrish Bhargava
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Tue Apr 23 12:01:25 2019 UTC