php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #60624 Incorrect Invalid variable used for bind error
Submitted: 2011-12-29 11:35 UTC Modified: 2012-10-26 05:18 UTC
Votes:6
Avg. Score:4.5 ± 0.8
Reproduced:4 of 4 (100.0%)
Same Version:1 (25.0%)
Same OS:1 (25.0%)
From: 935c at itsynergy dot co dot uk Assigned: sixd (profile)
Status: No Feedback Package: OCI8 related
PHP Version: 5.3.8 OS: Scientific Linux 6.1
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2011-12-29 11:35 UTC] 935c at itsynergy dot co dot uk
Description:
------------
I am seeing the following errors generated for no apparent reason when a function 
is used as a string source:
PHP Warning:  oci_bind_by_name(): Invalid variable used for bind
PHP Warning:  oci_execute(): ORA-01008: not all variables bound

If I replace the $sim_token parameter in my FS_ORA_NEW_SIMTOKEN call with a 
static string, e.g. "2", then it all works fine.

Test script:
---------------
-- The OCI8 Call --
function FS_ORA_NEW_SIMTOKEN($p_sess,$p_tkn) {
        $c = FS_ORA_CONNECT();
        $s = oci_parse($c, "begin fs_pkg_XXXXX.new_auth(:p_sess,:p_sim);end;");
        oci_bind_by_name($s,":p_sess",$p_sess,-1,SQLT_CHR);
        oci_bind_by_name($s,":p_sim",$p_tkn,-1,SQLT_CHR);
        $exec_status=oci_execute($s);
        oci_free_statement($s);
        return $exec_status;
}
-- The Token Generator--
function FS_SIMAPI_GETTOKEN() {
        $valid_time=time()+FS_SIM_TOKLEN;
        $sesskey=htmlspecialchars(sha1(XXXXXXXXXXXXX));
        $qry_array=array(
        'mode' => 'AUTH',
        'user' => FS_SIM_UNA,
        'clientip'=>FS_SIM_SRCIP,
        'expiry' => $valid_time,
        'key' => $sesskey
        );
        $tokres=FS_SIMAPI_SIMPLEPOST("XXXXXXX AUTH",$qry_array);
        if ($tokres==false) {
                return false;
        }
        libxml_use_internal_errors(true);
        try {
        $xmlp=new SimpleXMLElement($tokres);
        } catch (Exception $e) {
                foreach(libxml_get_errors() as $error_line) {
                $error_msg = "SimpleXML: ".$error_line->message;
                FS_APPTOOL_LOGERR($error_msg);
                }
        return false;
        }
        return $xmlp->results->token;
}
-- The Application Call--
// 4 XXXXXX Token
$sim_token=FS_SIMAPI_GETTOKEN();
if($sim_token!=false) {
$sim_to_db=FS_ORA_NEW_SIMTOKEN($_COOKIE['fs_cookie'],$sim_token);
if($sim_to_db==false) {
    header("Location: " . FS_APP_HOME_URI . "?autherr=" . urlencode(FS_ERR_SIMFAIL));
    exit;
}
} else {
    header("Location: " . FS_APP_HOME_URI . "?autherr=" . urlencode($sim_token));
    exit;
}


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-12-29 11:37 UTC] 935c at itsynergy dot co dot uk
OCI8 Support	enabled
Version	1.4.6
Revision	$Revision: 313688 $
Active Persistent Connections	0
Active Connections	0
Oracle Run-time Client Library Version	11.2.0.2.0
Oracle Version	11.2
Compile-time ORACLE_HOME	/u01/app/oracle/product/11.2.0/xe
Libraries Used	-Wl,-rpath,/u01/app/oracle/product/11.2.0/xe/lib -
L/u01/app/oracle/product/11.2.0/xe/lib -lclntsh
Temporary Lob support	enabled
Collections support	enabled


Directive	Local Value	Master Value
oci8.connection_class	no value	no value
oci8.default_prefetch	100	100
oci8.events	Off	Off
oci8.max_persistent	-1	-1
oci8.old_oci_close_semantics	Off	Off
oci8.persistent_timeout	-1	-1
oci8.ping_interval	60	60
oci8.privileged_connect	Off	Off
oci8.statement_cache_size	20	20
 [2011-12-29 13:47 UTC] 935c at itsynergy dot co dot uk
update php version
 [2011-12-29 13:47 UTC] 935c at itsynergy dot co dot uk
-PHP Version: Irrelevant +PHP Version: 5.3.8
 [2012-01-27 00:20 UTC] sixd@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

Can you give a concrete example of a failing $p_tkn token?  Also what is the 
fs_pkg signature? Do the oci_bind_by_name calls return errors?
 [2012-01-27 00:20 UTC] sixd@php.net
-Status: Open +Status: Feedback
 [2012-02-23 21:47 UTC] sixd@php.net
-Assigned To: +Assigned To: sixd
 [2012-10-26 05:18 UTC] sixd@php.net
-Status: Feedback +Status: No Feedback
 
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Thu Feb 09 07:05:47 2023 UTC