php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #75813 Can't catch mysqli_sql_exception if bind_param() has mismatch
Submitted: 2018-01-13 21:03 UTC Modified: 2020-09-19 22:49 UTC
Votes:3
Avg. Score:3.7 ± 1.9
Reproduced:1 of 3 (33.3%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: support at vid2chat dot com Assigned: cmb (profile)
Status: Closed Package: MySQLi related
PHP Version: 7.1.13 OS: MacOS High Sierra
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2018-01-13 21:03 UTC] support at vid2chat dot com 
Description:
------------
Using mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT) converts all MySQLi errors to exceptions, except for if there is a mismatch in bind_result(). This occurs in both the bound variables and types. An error with the following message is shown: 

Warning: mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement

Test script:
---------------
$stmt = $mysqli->prepare("SELECT id, name, age FROM myTable WHERE name = ?");
$stmt->bind_param("si", $_POST['name'], $_POST['age']);
$stmt->execute();
$arr = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
if(!$arr) exit('No rows');
var_export($arr);
$stmt->close();

Expected result:
----------------
I should be able to catch all MySQLi exceptions, but this specific error is not converted to an exception.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-01-14 03:17 UTC] support at vid2chat dot com
-: dtm824 at gmail dot com +: support at vid2chat dot com
 [2018-01-14 03:17 UTC] support at vid2chat dot com 
Description:
------------
Using mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT) converts all MySQLi errors to exceptions, except for if there is a mismatch in bind_result(). This occurs in both the bound variables and types. An error with the following message is shown: 

Warning: mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement

Test script:
---------------
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$stmt = $mysqli->prepare("SELECT * FROM table WHERE name = ?");
$stmt->bind_param("si", $_POST['name'], $_POST['age']);
$stmt->execute();
$arr = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
if(!$arr) exit('No rows');
var_export($arr);
$stmt->close();

Expected result:
----------------
I should be able to catch all MySQLi exceptions, but this specific error is not converted to an exception.
 [2020-09-19 22:49 UTC] cmb@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2020-09-19 22:49 UTC] cmb@php.net 
This has been fixed with commit 7a95e94[1] (i.e. as of PHP 8.0.0).

[1] <http://git.php.net/?p=php-src.git;a=commit;h=7a95e943d642e05532979a06221c476183eac7e4>
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Apr 18 23:01:27 2024 UTC