php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #77067 Inserting a BLOB from a stream transforms it to a string
Submitted: 2018-10-26 14:14 UTC Modified: 2020-02-24 07:50 UTC
From: php at bohwaz dot net Assigned:
Status: Open Package: PDO related
PHP Version: 7.3.0RC4 OS: All
Private report: No CVE-ID: None
View Add Comment Developer Edit
Have you experienced this issue?
Rate the importance of this bug to you:

 [2018-10-26 14:14 UTC] php at bohwaz dot net 
Description:
------------
If passing a stream as a parameter of PDOStatement::bindParam it is transformed to a string which contains the stream contents.

For example this prevents reusing the stream handle to close it properly or to truncate or change the file contents.

Test script:
---------------
<?php

$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE test (a INTEGER, b BLOB);');

$fp = tmpfile();
fwrite($fp, 'Random stuff!');
fseek($fp, 0);

$stmt = $pdo->prepare('INSERT INTO test VALUES (?, ?);');
$stmt->bindValue(1, 42);
$stmt->bindParam(2, $fp, PDO::PARAM_LOB);

$stmt->execute();

var_dump(gettype($fp));

Expected result:
----------------
resource

Actual result:
--------------
string

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-12-05 10:57 UTC] sjon at hortensius dot net 
FWIW this isn't necessarily 7.3 specific - it has been like this ever since php 7.0, see https://3v4l.org/tg2Gl
 [2020-02-24 07:50 UTC] cmb@php.net
-Package: PDO SQLite +Package: PDO related
 [2020-02-24 07:50 UTC] cmb@php.net 
The same happens with PDO_MySQL if emulated prepares are disabled.
PDO_ODBC may convert non-string parameters to string.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved. 		Last updated: Wed Sep 23 13:01:24 2020 UTC