PHP :: Bug #60624 :: Incorrect Invalid variable used for bind error

Bug #60624

Incorrect Invalid variable used for bind error

Submitted:

2011-12-29 11:35 UTC

Modified:

2012-10-26 05:18 UTC

Votes:	6
Avg. Score:	4.5 ± 0.8
Reproduced:	4 of 4 (100.0%)
Same Version:	1 (25.0%)
Same OS:	1 (25.0%)

From:

935c at itsynergy dot co dot uk

Assigned:

sixd (profile)

Status:

No Feedback

Package:

OCI8 related

PHP Version:

5.3.8

OS:

Scientific Linux 6.1

Private report:

CVE-ID:

None

View Developer Edit

[2011-12-29 11:35 UTC] 935c at itsynergy dot co dot uk

Description:
------------
I am seeing the following errors generated for no apparent reason when a function 
is used as a string source:
PHP Warning:  oci_bind_by_name(): Invalid variable used for bind
PHP Warning:  oci_execute(): ORA-01008: not all variables bound

If I replace the $sim_token parameter in my FS_ORA_NEW_SIMTOKEN call with a 
static string, e.g. "2", then it all works fine.

Test script:
---------------
-- The OCI8 Call --
function FS_ORA_NEW_SIMTOKEN($p_sess,$p_tkn) {
        $c = FS_ORA_CONNECT();
        $s = oci_parse($c, "begin fs_pkg_XXXXX.new_auth(:p_sess,:p_sim);end;");
        oci_bind_by_name($s,":p_sess",$p_sess,-1,SQLT_CHR);
        oci_bind_by_name($s,":p_sim",$p_tkn,-1,SQLT_CHR);
        $exec_status=oci_execute($s);
        oci_free_statement($s);
        return $exec_status;
}
-- The Token Generator--
function FS_SIMAPI_GETTOKEN() {
        $valid_time=time()+FS_SIM_TOKLEN;
        $sesskey=htmlspecialchars(sha1(XXXXXXXXXXXXX));
        $qry_array=array(
        'mode' => 'AUTH',
        'user' => FS_SIM_UNA,
        'clientip'=>FS_SIM_SRCIP,
        'expiry' => $valid_time,
        'key' => $sesskey
        );
        $tokres=FS_SIMAPI_SIMPLEPOST("XXXXXXX AUTH",$qry_array);
        if ($tokres==false) {
                return false;
        }
        libxml_use_internal_errors(true);
        try {
        $xmlp=new SimpleXMLElement($tokres);
        } catch (Exception $e) {
                foreach(libxml_get_errors() as $error_line) {
                $error_msg = "SimpleXML: ".$error_line->message;
                FS_APPTOOL_LOGERR($error_msg);
                }
        return false;
        }
        return $xmlp->results->token;
}
-- The Application Call--
// 4 XXXXXX Token
$sim_token=FS_SIMAPI_GETTOKEN();
if($sim_token!=false) {
$sim_to_db=FS_ORA_NEW_SIMTOKEN($_COOKIE['fs_cookie'],$sim_token);
if($sim_to_db==false) {
    header("Location: " . FS_APP_HOME_URI . "?autherr=" . urlencode(FS_ERR_SIMFAIL));
    exit;
}
} else {
    header("Location: " . FS_APP_HOME_URI . "?autherr=" . urlencode($sim_token));
    exit;
}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-12-29 11:37 UTC] 935c at itsynergy dot co dot uk

OCI8 Support	enabled
Version	1.4.6
Revision	$Revision: 313688 $
Active Persistent Connections	0
Active Connections	0
Oracle Run-time Client Library Version	11.2.0.2.0
Oracle Version	11.2
Compile-time ORACLE_HOME	/u01/app/oracle/product/11.2.0/xe
Libraries Used	-Wl,-rpath,/u01/app/oracle/product/11.2.0/xe/lib -
L/u01/app/oracle/product/11.2.0/xe/lib -lclntsh
Temporary Lob support	enabled
Collections support	enabled


Directive	Local Value	Master Value
oci8.connection_class	no value	no value
oci8.default_prefetch	100	100
oci8.events	Off	Off
oci8.max_persistent	-1	-1
oci8.old_oci_close_semantics	Off	Off
oci8.persistent_timeout	-1	-1
oci8.ping_interval	60	60
oci8.privileged_connect	Off	Off
oci8.statement_cache_size	20	20

[2011-12-29 13:47 UTC] 935c at itsynergy dot co dot uk

update php version

[2011-12-29 13:47 UTC] 935c at itsynergy dot co dot uk

-PHP Version: Irrelevant +PHP Version: 5.3.8

[2012-01-27 00:20 UTC] sixd@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

Can you give a concrete example of a failing $p_tkn token?  Also what is the 
fs_pkg signature? Do the oci_bind_by_name calls return errors?

[2012-01-27 00:20 UTC] sixd@php.net

-Status: Open +Status: Feedback

[2012-02-23 21:47 UTC] sixd@php.net

-Assigned To: +Assigned To: sixd

[2012-10-26 05:18 UTC] sixd@php.net

-Status: Feedback +Status: No Feedback

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 16:01:28 2024 UTC