php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #59169 db_execute should return error message with wrong param count
Submitted: 2010-04-16 15:03 UTC Modified: 2010-04-19 03:00 UTC
From: aaron dot hawley at vtinfo dot com Assigned:
Status: Open Package: ibm_db2 (PECL)
PHP Version: 5.2.11 OS: i5/OS
Private report: No CVE-ID:
Have you experienced this issue?
Rate the importance of this bug to you:

 [2010-04-16 15:03 UTC] aaron dot hawley at vtinfo dot com
Description:
------------
PHP issues a warning when the parameter count is wrong for db2_execute(). Unfortunately, db2_stmt_errormsg() and db2_stmt_error() never return anything after this occurs.

The following code shows examples of running db_execute().  One with too few paramaters.  The other has too many.  Only the latter creates the warning "Statement Execute Failed"

This is problematic when other API's want to use ibm_db2 as a driver.  There is no error message to work with when this error occurs.

For example, see how it is affecting the Zend Framework, here.

http://framework.zend.com/issues/browse/ZF-9663

Reproduce code:
---------------
$conn = db2_connect('db', 'user', '****');

if (!$conn) {
    $err = db2_conn_errormsg($conn);
    printf("%s: %s\n", 'Problem connecting', $err);
    db2_close($conn);
    exit(1);
} // else {

$sql = 'SELECT "name" FROM "table" AS "t" WHERE "id" = ?';
$stmt = db2_prepare($conn, $sql);

if (!$stmt) {
    $err = db2_stmt_errormsg($stmt);
    printf("%s: %s\n", 'Prepare failed', $err);
    db2_close($conn);
    exit(1);
} // else {

$result = db2_execute($stmt, array(/* warning condition */));

if (!$result) {
    $err = db2_stmt_errormsg($stmt);
    printf("%s: %s\n", 'Query failed', $err);
    $result = db2_execute($stmt, array(1, 2 /* failure condition */));
    if (!$result) {
        $err = db2_stmt_errormsg($stmt);
        printf("%s: %s\n", 'Query failed', $err);
    }
    db2_close($conn);
    exit(1);
} // else {

while($row = db2_fetch_assoc($stmt)) {
    foreach ($row as $col => $val) {
        printf("  %s: %s\n", $col, $val);
    }
    printf("--\n");
}

db2_close($conn);
exit(0);


Expected result:
----------------
PHP Warning:  db2_execute(): Param count incorrect in bug.php on line 22
Query failed: 
PHP Warning:  db2_execute(): Param count incorrect in bug.php on line 27
PHP Warning:  db2_execute(): Statement Execute Failed in bug.php on line 27
Query failed:


Actual result:
--------------
PHP Warning:  db2_execute(): Param count incorrect in bug.php on line 22
PHP Warning:  db2_execute(): Statement Execute Failed in bug.php on line 22
Query failed: Param count incorrect
PHP Warning:  db2_execute(): Param count incorrect in bug.php on line 27
PHP Warning:  db2_execute(): Statement Execute Failed in bug.php on line 27
Query failed: Param count incorrect


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-04-16 15:10 UTC] aaron dot hawley at vtinfo dot com
Sorry!  Should be.

Expected result:
----------------
PHP Warning:  db2_execute(): Param count incorrect in bug.php on line
22
PHP Warning:  db2_execute(): Statement Execute Failed in bug.php on line
22
Query failed: Param count incorrect
PHP Warning:  db2_execute(): Param count incorrect in bug.php on line
27
PHP Warning:  db2_execute(): Statement Execute Failed in bug.php on line
27
Query failed: Param count incorrect

Actual result:
--------------
PHP Warning:  db2_execute(): Param count incorrect in bug.php on line
22
Query failed: 
PHP Warning:  db2_execute(): Param count incorrect in bug.php on line
27
PHP Warning:  db2_execute(): Statement Execute Failed in bug.php on line
27
Query failed:
 [2010-04-19 03:00 UTC] abhargav at in dot ibm dot com
Hi,

Thanks for providing this input. This will definitely helps developers. I will try to include this in future release (not sure if I can do it in next release).

Regards,
Ambrish Bhargava
 [2014-02-12 22:01 UTC] adc at us dot ibm dot com
Too few params will not produce db2_stmt_error, because SQLExecute never happens (code ibm_db2.c below)


PHP_FUNCTION(db2_execute)
{
	rc = SQLNumParams((SQLHSTMT)stmt_res->hstmt, (SQLSMALLINT*)&num);
	if ( num != 0 ) {
    :
			numOpts = zend_hash_num_elements(Z_ARRVAL_P(parameters_array));
			if (numOpts > num) {
php.log-------->php_error_docref(NULL TSRMLS_CC, E_WARNING, "Param count incorrect");
too many ok---->numOpts = stmt_res->num_params;
			} else if (numOpts < num) {
php.log-------->php_error_docref(NULL TSRMLS_CC, E_WARNING, "Param count incorrect");
too few stop--->RETURN_FALSE;
			}
			zend_hash_internal_pointer_reset(Z_ARRVAL_P(parameters_array));
			for ( i = 0; i < numOpts; i++) {
            : ... bind parms not passed (impossible) ...
            }
    :
	}
--->have SQLExecute for SQL errors db2_stmt_error <---
--->  too many -- yes db2_stmt_error              <---
--->  too few  -- no db2_stmt_error (stop above)  <---
	rc = SQLExecute((SQLHSTMT)stmt_res->hstmt);
	if ( rc == SQL_ERROR ) {
		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Statement Execute Failed");
		_php_db2_check_sql_errors(stmt_res->hstmt, SQL_HANDLE_STMT, rc, 1, NULL, -1, 1 TSRMLS_CC);
		RETVAL_FALSE;
	}
:
}
 
PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Thu Mar 26 19:01:59 2015 UTC