php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75813 Can't catch mysqli_sql_exception if bind_param() has mismatch
Submitted: 2018-01-13 21:03 UTC Modified: 2018-01-14 03:17 UTC
Votes:3
Avg. Score:3.7 ± 1.9
Reproduced:1 of 3 (33.3%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: support at vid2chat dot com Assigned:
Status: Open Package: MySQLi related
PHP Version: 7.1.13 OS: MacOS High Sierra
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2018-01-13 21:03 UTC] support at vid2chat dot com
Description:
------------
Using mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT) converts all MySQLi errors to exceptions, except for if there is a mismatch in bind_result(). This occurs in both the bound variables and types. An error with the following message is shown: 

Warning: mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement

Test script:
---------------
$stmt = $mysqli->prepare("SELECT id, name, age FROM myTable WHERE name = ?");
$stmt->bind_param("si", $_POST['name'], $_POST['age']);
$stmt->execute();
$arr = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
if(!$arr) exit('No rows');
var_export($arr);
$stmt->close();

Expected result:
----------------
I should be able to catch all MySQLi exceptions, but this specific error is not converted to an exception.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-01-14 03:17 UTC] support at vid2chat dot com
-: dtm824 at gmail dot com +: support at vid2chat dot com
 [2018-01-14 03:17 UTC] support at vid2chat dot com
Description:
------------
Using mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT) converts all MySQLi errors to exceptions, except for if there is a mismatch in bind_result(). This occurs in both the bound variables and types. An error with the following message is shown: 

Warning: mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement

Test script:
---------------
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$stmt = $mysqli->prepare("SELECT * FROM table WHERE name = ?");
$stmt->bind_param("si", $_POST['name'], $_POST['age']);
$stmt->execute();
$arr = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
if(!$arr) exit('No rows');
var_export($arr);
$stmt->close();

Expected result:
----------------
I should be able to catch all MySQLi exceptions, but this specific error is not converted to an exception.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sun Nov 17 07:01:34 2019 UTC