php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #77954 Binding value as PDO::PARAM_INT has different behaviour in PHP 7.2
Submitted: 2019-05-01 08:59 UTC Modified: 2019-05-01 09:14 UTC
Votes:3
Avg. Score:3.3 ± 0.5
Reproduced:2 of 3 (66.7%)
Same Version:1 (50.0%)
Same OS:2 (100.0%)
From: f dot bosch at genkgo dot nl Assigned:
Status: Open Package: PDO MySQL
PHP Version: 7.2.17 OS: Ubuntu
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: f dot bosch at genkgo dot nl
New email:
PHP Version: OS:

 

 [2019-05-01 08:59 UTC] f dot bosch at genkgo dot nl
Description:
------------
When binding a value against a MySQL PDO statement, the behaviour between PHP 7.1 and PHP 7.2 differs. When you bind a value as integer while passing a float, this was no problem with PHP7.1. However, it became a problem in PHP7.2.

The problem is when executing the following. It inserts 0.5 in PHP7.1, and 0 in PHP7.2. I have tested this against MariaDB (10.1 and 10.2), not against MySQL. Another person also found difference in behaviour: https://stackoverflow.com/questions/54413798/pdoparam-int-behaviour-in-php-7-1-php-7-2.

$stmt = $pdo->prepare('INSERT INTO tbl (val) VALUES (?)');
$stmt->bindValue(1, 0.5, PDO::PARAM_INT);

See also this pull request in the Laravel Framework for this behaviour change: https://github.com/laravel/framework/pull/28379.

Test script:
---------------
<?php
$pdo = new PDO('mysql:dbname=floattest;host=127.0.0.1', 'root', '');

$create = $pdo->prepare('CREATE TABLE IF NOT EXISTS tbl (val DECIMAL(9,2))');
$create->execute();

$del = $pdo->prepare('DELETE FROM tbl');
$del->execute();

$ins = $pdo->prepare('INSERT INTO tbl (val) VALUES (?)');
$ins->bindValue(1, 0.5, PDO::PARAM_INT);
$ins->execute();

$sel = $pdo->prepare('SELECT * FROM tbl');
$sel->execute();
var_dump($sel->fetchColumn(0));

Expected result:
----------------
0.5

Actual result:
--------------
0

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-05-01 09:02 UTC] nikic@php.net
-Status: Open +Status: Feedback
 [2019-05-01 09:02 UTC] nikic@php.net
Why do you think the previous behavior was correct? It seems right to me that if an integer binding is requested it should be bound as an integer.
 [2019-05-01 09:10 UTC] f dot bosch at genkgo dot nl
-Status: Feedback +Status: Open
 [2019-05-01 09:10 UTC] f dot bosch at genkgo dot nl
You are right. I totally agree that the previous behaviour was not correct. Since I could not find any reason why the behaviour change was there, no backward-incompatibility notice in this regard, I was wondering if this is intensional. This could affect quite some people, especially those using the Laravel framework and/or only its database component.

If you no idea, please just close the report.
 [2019-05-01 09:14 UTC] nikic@php.net
-Type: Bug +Type: Documentation Problem
 [2019-05-01 09:14 UTC] nikic@php.net
This should be due to bug #73234 / https://github.com/php/php-src/commit/32b6154a61fae820386527f3019f8c5937fc5d27.

Changing this to a doc problem as this probably should indeed be mentioned in the upgrading guide.
 [2019-08-30 09:45 UTC] oleg at andreyev dot lv
This fix actually triggered another issue:
- Let's say we have foo table and it's big
- We have an SQL `SELECT * FROM foo WHERE bar IN (:param)`
- We bindValue('param', 'baz', \PDO::PARAM_INT) // INT is a mistake obviously 
- As result PDO will send `SELECT * FROM foo WHERE bar IN (0)` which is a valid query and it's causing MySQL (probably because of type-conversion) to return all rows that 

I think we should add some checks to `pdo_parse_params` and make sure that type of value is correct otherwise throw error.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Mon Sep 16 10:01:36 2019 UTC