php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73234 emulated statements let value dictate parameter type
Submitted: 2016-10-03 15:19 UTC Modified: 2016-10-07 14:28 UTC
From: adambaratz@php.net Assigned: adambaratz (profile)
Status: Closed Package: PDO Core
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
 [2016-10-03 15:19 UTC] adambaratz@php.net
Description:
------------
See test script. I would expect both statements to return NULL. Given the looseness of PHP's type system, this feels appropriate and safer. There's a related issue where numbers can end up treated as strings.

Test script:
---------------
$db = new PDO(...);

$stmt = $db->prepare("SELECT :null");
$stmt->bindValue(':null', null, PDO::PARAM_NULL);
$stmt->execute();
var_dump($stmt->fetchAll()); // NULL

$stmt = $db->prepare("SELECT :null");
$stmt->bindValue(':null', 0, PDO::PARAM_NULL);
$stmt->execute();
var_dump($stmt->fetchAll()); // 0


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-10-07 14:28 UTC] adambaratz@php.net
-Assigned To: +Assigned To: adambaratz
 [2016-10-10 22:16 UTC] adambaratz@php.net
Automatic comment on behalf of adambaratz
Revision: http://git.php.net/?p=php-src.git;a=commit;h=32b6154a61fae820386527f3019f8c5937fc5d27
Log: Fix #73234: Emulated statements let value dictate parameter type
 [2016-10-10 22:16 UTC] adambaratz@php.net
-Status: Assigned +Status: Closed
 [2017-01-12 09:12 UTC] krakjoe@php.net
Automatic comment on behalf of adambaratz
Revision: http://git.php.net/?p=php-src.git;a=commit;h=32b6154a61fae820386527f3019f8c5937fc5d27
Log: Fix #73234: Emulated statements let value dictate parameter type
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC