php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #63921 sqlite3::bindvalue and relative PHP functions aren't using sqlite3_*_int64 API
Submitted: 2013-01-06 17:24 UTC Modified: 2013-01-14 16:36 UTC
From: googleguy@php.net Assigned:
Status: Closed Package: SQLite related
PHP Version: 5.4.10 OS:
Private report: No CVE-ID: None
 [2013-01-06 17:24 UTC] googleguy@php.net
Description:
------------
The sqlite3::bindvalue and relative PHP functions aren't using sqlite3_*_int64 
API functions internally or checking for a 64 bit build to do so. As a result 
using SQLITE3_INTEGER constants in calls to bindValue cause internal cast to 32 
bit int. This is unexpected behavior and the API calls exist internally sqlite3. 
This is also related to bug #63916 which I also patched. I'm providing an 
additional patch for ext/sqlite3 in relation for the same bug.

Test script:
---------------
$num = 100004313234244; // notice this exceeds 32 bits
$conn = new sqlite3(':memory:');
$conn->query('CREATE TABLE users (id INTEGER NOT NULL, num INTEGER NOT NULL, PRIMARY KEY(id))');

$stmt = $conn->prepare('insert into users (id, num) values (:id, :num)');
$stmt->bindValue(':id', 1, SQLITE3_INTEGER);
$stmt->bindValue(':num', $num, SQLITE3_INTEGER);
$stmt->execute();

$stmt = $conn->query('SELECT num FROM users');
$result = $stmt->fetchArray();

printf("Expected: %d Received: %d\n", $num, $result[0]);

Expected result:
----------------
Expected: 100004313234244 Received: 100004313234244

Actual result:
--------------
Expected: 100004313234244 Received: 294714180

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-01-06 18:49 UTC] googleguy@php.net
I've sent a PR for this as well on master. I hope to get it merged into 5.3.NEXT, 
5.4.NEXT, and 5.5.NEXT for consistency with the fix for bug #63916 as they are 
both related to sqlite3 driver.

https://github.com/php/php-src/pull/254
 [2013-01-14 16:35 UTC] lstrojny@php.net
Automatic comment on behalf of lstrojny
Revision: http://git.php.net/?p=php-src.git;a=commit;h=99d087e5d437023c55f96dcde4b5b784bd8b0ac8
Log: Fixed bug #63921: sqlite3::bindvalue and relative PHP functions aren't using sqlite3_*_int64 API
 [2013-01-14 16:35 UTC] lstrojny@php.net
-Status: Open +Status: Closed
 [2013-01-14 16:36 UTC] lstrojny@php.net
-Status: Closed +Status: Feedback
 [2013-01-14 16:36 UTC] lstrojny@php.net
Please try using this snapshot:

  http://snaps.php.net/php5.4-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/


 [2013-01-14 16:43 UTC] lstrojny@php.net
Automatic comment on behalf of lstrojny
Revision: http://git.php.net/?p=php-src.git;a=commit;h=99d087e5d437023c55f96dcde4b5b784bd8b0ac8
Log: Fixed bug #63921: sqlite3::bindvalue and relative PHP functions aren't using sqlite3_*_int64 API
 [2013-01-14 16:43 UTC] lstrojny@php.net
-Status: Feedback +Status: Closed
 [2013-01-14 16:44 UTC] lstrojny@php.net
Automatic comment on behalf of lstrojny
Revision: http://git.php.net/?p=php-src.git;a=commit;h=99d087e5d437023c55f96dcde4b5b784bd8b0ac8
Log: Fixed bug #63921: sqlite3::bindvalue and relative PHP functions aren't using sqlite3_*_int64 API
 [2014-10-07 23:20 UTC] stas@php.net
Automatic comment on behalf of lstrojny
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=99d087e5d437023c55f96dcde4b5b784bd8b0ac8
Log: Fixed bug #63921: sqlite3::bindvalue and relative PHP functions aren't using sqlite3_*_int64 API
 [2014-10-07 23:31 UTC] stas@php.net
Automatic comment on behalf of lstrojny
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=99d087e5d437023c55f96dcde4b5b784bd8b0ac8
Log: Fixed bug #63921: sqlite3::bindvalue and relative PHP functions aren't using sqlite3_*_int64 API
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 02:01:28 2024 UTC