Request #73068 SQLite3 may fail to DELETE
Submitted: 2016-09-12 23:38 UTC Modified: 2016-09-13 14:31 UTC
From: alejosimon at gmail dot com Assigned: ab
Status: Closed Package: SQLite related
PHP Version: Irrelevant OS: Windows 7 x64
Private report: No CVE-ID:
 [2016-09-12 23:38 UTC] alejosimon at gmail dot com
Description:
------------
In the last release of SQLite, 2 important bug fixes were announced:

https://sqlite.org/src/info/ef360601

https://sqlite.org/src/info/199df4168c

Especially the first one; I think it should be updated immediately, since DELETE is such a commonly used query.

Thank you, sorry for my English.

Test script:
---------------
<?php

$db = new \PDO( 'sqlite::memory:' ) ;
$db->exec( "
	CREATE TABLE IF NOT EXISTS t1(a INT UNIQUE, b INT);
	INSERT OR REPLACE INTO t1(a,b) VALUES('1','2');

	SELECT * FROM t1 WHERE a='1' AND b='2';

	DELETE FROM t1 WHERE a='1' AND b='2';
" );

print_r( $db->query( "SELECT * FROM t1;" )->fetchAll() );

?>

Expected result:
----------------
Array
(
)

Actual result:
--------------
Array
(
    [0] => Array
        (
            [a] => 1
            [0] => 1
            [b] => 2
            [1] => 2
        )

)

 [2016-09-13 11:06 UTC] cmb@php.net
-Summary: Update buldle sqlite lib for severe bug.
+Summary: SQLite3 may fail to DELETE
-Status: Open
+Status: Verified
-Package: PDO SQLite
+Package: SQLite related
-Assigned To:
+Assigned To: cmb
 [2016-09-13 11:06 UTC] cmb@php.net
I don't think that the second issue is too much of a problem,
because the bug report states:

> This problem has been in the code since before version 3.3.7
> (2006-08-12), and hence gone unnoticed for over ten years.
> For that reason, it is given a low severity.

The first issue, however, appears to be a real problem.

Anyhow, SQLite 3.14.2 has already been released, so PHP 7.1+ will
have to be updated anyway. PHP 5.6 is still on SQLite 3.8.10.2,
and as such is not affected by the first issue. It's not yet clear
to me what to do with PHP 7.0, which is still on SQLite 3.13.0.
 [2016-09-13 11:25 UTC] cmb@php.net
-Summary: SQLite3 may fail to DELETE
+Summary: Update to SQLite 3.14.2
-Type: Bug
+Type: Feature/Change Request
 [2016-09-13 11:25 UTC] cmb@php.net
After further consideration, I don't think this qualifies as a bug,
because users can compile against a custom libsqlite3.
 [2016-09-13 11:42 UTC] cmb@php.net
-Assigned To: cmb
+Assigned To: ab
 [2016-09-13 11:42 UTC] cmb@php.net
I have updated PHP 7.1+ to SQLite 3.14.2, see
<http://git.php.net/?p=php-src.git;a=commit;h=07aab07c>.

Anatol, should PHP 7.0 be updated as well?
 [2016-09-13 13:29 UTC] alejosimon at gmail dot com
cmb... ought to be! jeje!

... don't forget that most web developers do not compile PHP, and Windows users always depend on the compiled versions.

thanks!
 [2016-09-13 14:00 UTC] ab@php.net
-Status: Verified
+Status: Closed
 [2016-09-13 14:00 UTC] ab@php.net
I've added libsqlite 3.14.2 to 7.0 dev as well. For the upcoming release, the bundled libsqlite is downgraded to the latest known stable 3.8.x. For PHP 7.0.12 we'll see further then, whether to instantly revert libsqlite to 3.8.x or to keep 3.14.2.

Thanks.
 [2016-09-13 14:01 UTC] ab@php.net
-Summary: Update to SQLite 3.14.2
+Summary: SQLite3 may fail to DELETE
 [2016-09-13 14:01 UTC] ab@php.net
Btw. this is not a bug in PHP, but since we bundle libsqlite, it affects quite some users. Let's keep the title therefore. I've also added a test for this behavior.

Thanks.
 [2016-09-13 14:14 UTC] alejosimon at gmail dot com
THANKS!!!

According to my way of seeing it ... if SQL is within PHP or part of it ... it inherits its bugs! According to my interpretation, of course!

Internally you know it's another lib, but from a faraway look ... it is simply a part of PHP.

thanks for the quick update.
 [2016-09-13 14:31 UTC] ab@php.net
@alejosimon, the latest Windows snaps will contain libsqlite 3.14.2. You can fetch the ext DLLs here http://windows.php.net/downloads/snaps/ . And of course please keep in mind the 7.0.12 RC in a couple of weeks.

Thanks.
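
A deployment check built on the report's test script, as an added example that is not part of the bug report or of php-src: it prints the libsqlite version the running PHP build actually loads and exits non-zero if the row survives the DELETE. The function name `check_sqlite_delete` and the exit-code convention are assumptions made for this example.

```php
<?php
// Added example (not from the report or php-src).
// Runs the report's statements against the libsqlite this PHP build is
// linked with and reports whether the DELETE actually removed the row.

/**
 * Hypothetical helper: returns array('version' => string, 'delete_ok' => bool).
 * No return type hint, so it also runs on PHP 5.6.
 */
function check_sqlite_delete()
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // Version of the library loaded at runtime (bundled or custom build).
    $version = (string) $db->query('SELECT sqlite_version()')->fetchColumn();

    // Same statements as the report's test script: INT columns, a UNIQUE
    // index on a, and string literals in the INSERT and the WHERE clause.
    $db->exec("
        CREATE TABLE IF NOT EXISTS t1(a INT UNIQUE, b INT);
        INSERT OR REPLACE INTO t1(a,b) VALUES('1','2');
        SELECT * FROM t1 WHERE a='1' AND b='2';
        DELETE FROM t1 WHERE a='1' AND b='2';
    ");

    // On a correct library the table is empty after the DELETE.
    $remaining = (int) $db->query('SELECT COUNT(*) FROM t1')->fetchColumn();

    return array(
        'version'   => $version,
        'delete_ok' => ($remaining === 0),
    );
}

$result = check_sqlite_delete();
printf(
    "libsqlite %s: %s\n",
    $result['version'],
    $result['delete_ok'] ? 'row removed (OK)' : 'row still present (affected)'
);

// Non-zero exit lets a deployment or CI step fail on an affected build.
exit($result['delete_ok'] ? 0 : 1);
```

Because the check is behavioural rather than a version comparison, it gives the same answer for a bundled libsqlite and for a PHP compiled against a custom one.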
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Fri Apr 28 14:01:35 2017 UTC