Bug #72368 PdoStatement->execute() fails but does not throw an exception
Submitted: 2016-06-09 09:47 UTC
Modified: 2020-12-10 15:18 UTC
Votes:5
Avg. Score:3.4 ± 1.5
Reproduced:4 of 5 (80.0%)
Same Version:0 (0.0%)
Same OS:2 (50.0%)
From: fredrik at neam dot se
Assigned:
Status: Closed
Package: PDO MySQL
PHP Version: 7.0.7
OS: Any
Private report: No
CVE-ID: None
 [2016-06-09 09:47 UTC] fredrik at neam dot se
Description:
------------
PdoStatement->execute() fails but does not throw an exception when supplying parameters to execute() whilst not using any placeholders in the query.

Tested on PHP 7.0.7, 5.6.20 and HHVM 3.13.1

Test script:
---------------
$dbh = new PDO('###');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$params = [":bar" => 1];
$sql = "SELECT 1";
$stmt = $dbh->prepare($sql);
$result = $stmt->execute($params);


Expected result:
----------------
Either ->execute() should return true and the result set be populated, or an exception should be thrown (like it does for the below case):

$dbh = new PDO('###');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$params = [":bar" => 1];
$sql = "SELECT :foo";
$stmt = $dbh->prepare($sql);
$result = $stmt->execute($params);

Actual result:
--------------
$result is false, but an exception is not thrown. The result set is empty.

This is problematic since when the error mode is set to PDO::ERRMODE_EXCEPTION, it is fair to assume that failed statements result in thrown exceptions, so that the return variable must not be checked after each usage of ->execute().



Patches

bug72368_test (last revision 2016-07-10 05:35 UTC by mbeccati@php.net)

 [2016-07-10 05:34 UTC] mbeccati@php.net
-Package: PDO related
+Package: PDO MySQL
-Operating System: Debian Jessie
+Operating System: Any
 [2016-07-10 05:34 UTC] mbeccati@php.net
Moving to pdo_mysql as both pdo_sqlite and pdo_pgsql raise an exception, as expected. I haven't tested the other drivers, but I will attach a patch that adds a PDO Common test for the issue.
 [2016-07-10 05:35 UTC] mbeccati@php.net
The following patch has been added/updated:

Patch Name: bug72368_test
Revision:   1468128909
URL:        https://bugs.php.net/patch-display.php?bug=72368&patch=bug72368_test&revision=1468128909
 [2019-06-12 21:48 UTC] dan dot mara at gmail dot com
I experience this issue as well with dblib. Using SQL Server Profiler, I confirmed that it is indeed triggering exceptions at the DB level, but they are not being thrown by PDO. It seems inconsistent, in that I only get exceptions when executing a statement where I did something like forgetting to bind a parameter.

The following should demonstrate the issue:

$conn = new PDO('dblib:host=XXX;dbname=XXX', 'REDACTED', 'REDACTED');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$stmt = $conn->prepare("SELECT thistable FROM doesnotexist");
try {
	$stmt->execute();
} catch (Exception $ex) {
	die("I am never reached");
}

The above WILL reach SQL Server, and emit an EventClass of "Exception", but PDO does not trickle it down to a PDOException. It's extremely unreliable.
 [2020-12-10 15:18 UTC] nikic@php.net
-Status: Open
+Status: Verified
 [2020-12-10 15:18 UTC] nikic@php.net
The problem here seems to be specifically the case where a) emulated prepared statements are used and b) there are no placeholders in the query. In that case we hit an early bailout and don't validate the passed parameters.
 [2020-12-10 15:55 UTC] nikic@php.net
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9e3ba775b7de7d7647c488beb9e302d03690f955
Log: Fixed bug #72368
 [2020-12-10 15:55 UTC] nikic@php.net
-Status: Verified
+Status: Closed
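
A defensive wrapper for the behaviour discussed in this report, as an added example (not code from the reporter, the commenters or php-src). executeStrict() is a hypothetical helper that turns a false return from execute() into an exception and rejects named parameters the query does not use; the in-memory SQLite connection in the demo is an assumption made so that it runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of PDO): run a prepared statement and make
// every failure an exception, even if the driver only returns false.
function executeStrict(PDOStatement $stmt, array $params = []): PDOStatement
{
    // Reject named parameters the query text does not use. This is a plain
    // text match, so a name inside a string literal or comment also counts.
    foreach (array_keys($params) as $key) {
        if (!is_string($key)) {
            continue; // positional (?) parameters are left to the driver
        }
        $name = ':' . ltrim($key, ':');
        if (!preg_match('/' . preg_quote($name, '/') . '\b/', $stmt->queryString)) {
            throw new InvalidArgumentException("Parameter $name is not used in the query");
        }
    }

    // Do not rely on ERRMODE_EXCEPTION alone: a false return is an error.
    if ($stmt->execute($params) === false) {
        [$sqlstate, $code, $message] = $stmt->errorInfo() + [null, null, null];
        throw new RuntimeException(sprintf(
            'execute() returned false (SQLSTATE %s, driver code %s): %s',
            $sqlstate ?? 'n/a',
            $code ?? 'n/a',
            $message ?? 'no driver message'
        ));
    }
    return $stmt;
}

// Constructed demo; in-memory SQLite is an assumption so it runs offline.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// The report's case: a parameter is supplied but the query has no placeholder.
try {
    executeStrict($dbh->prepare('SELECT 1'), [':bar' => 1]);
    echo "unexpected: no error\n";
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// Placeholder and parameter match: the statement runs and returns a row.
$stmt = executeStrict($dbh->prepare('SELECT :bar AS v'), [':bar' => 1]);
echo 'ok: v=', $stmt->fetch(PDO::FETCH_ASSOC)['v'], "\n";
```

The explicit false check matters most for code such as permission lookups or audit-log writes, where a silently empty result set would otherwise be treated as a valid answer.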
 
Last updated: Tue Mar 19 06:01:30 2024 UTC