php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #78945 Different behavior PARAM_INT on string in 7.0 and 7.2
Submitted: 2019-12-11 14:04 UTC Modified: 2019-12-14 18:22 UTC
From: shol_ at hotmail dot com Assigned: cmb (profile)
Status: Duplicate Package: PDO MySQL
PHP Version: 7.2.25 + 7.3 OS: CentOS
Private report: No CVE-ID: None
 [2019-12-11 14:04 UTC] shol_ at hotmail dot com
Description:
------------
The main 'problem' I have is undocument change of behavior in pdo's bindParam() when binding a string as integer.
In php 7.0 I think it's silently binded as string because the queries return the expected result. In 7.2.25 and 7.3 (I didn't test 7.1) no warnings or exceptions are raised, but all rows are returned.

I want this change of behavior be documented (please correct me if I'm wrong, I can't find it here as bug or in the upgrade/release notes).
And a nice to have would be a warning in the logfiles.

Test script:
---------------
$driver_options = array( PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES UTF8 COLLATE UTF8_unicode_ci', PDO::MYSQL_ATTR_LOCAL_INFILE => 1);
	$oDb = new LoggedPDO('mysqli:host=localhost;dbname=DATABASENAME', 'USERNAME', 'PASSWORD',$driver_options);
$oDb->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$oDb->exec('
	CREATE TABLE `test_parambinding` (
	  `id` int(10) NOT NULL,
	  `name` varchar(10) NOT NULL
	) ENGINE=InnoDB DEFAULT CHARSET=latin1;

	INSERT INTO `test_parambinding` (`id`, `name`) VALUES
	(1, "one"),
	(2, "two");

	ALTER TABLE `test_parambinding`
	  ADD PRIMARY KEY (`id`);

	ALTER TABLE `test_parambinding`
	  MODIFY `id` int(10) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=3;
	COMMIT;
');
	
$oStmt = $oDb->prepare('SELECT * FROM `test_parambinding` WHERE `name` = :name');
	$name = 'one';
	
echo 'Bind string $name as PDO::PARAM_INT';
echo PHP_EOL;
$oStmt->bindParam(':name', $name, PDO::PARAM_INT);
$oStmt->execute();
$aResults = $oStmt->fetchAll(PDO::FETCH_ASSOC);
var_dump($aResults);

Expected result:
----------------
Not really 'expecting' this, but this is how it worked in php <= 7.0.
The query fetches one (the expected) row:
array(1) {
  [0]=>
  array(2) {
    ["id"]=>
    string(1) "1"
    ["name"]=>
    string(3) "one"
  }
}

Maybe it would be best if PDO generates a warning or throws an exception (string bound as integer?).

Actual result:
--------------
PHP 7.2 and 7.3 fetches all rows (in this example case, both rows).


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-12-14 12:08 UTC] drtechno at mail dot com
I think the code is working correctly there.
fetchAll(PDO::FETCH_ASSOC)

would return the associated object array inside a fetchAll array.

I'm thinking you are trying to use it like mysqli's fetch_assoc, which you would use PDO's fetchObject() like so:

$select='SELECT col1,col,col3 FROM table';
$query = $pdo->query($select);
$items = $query ->fetchObject();
Print_r($items);
 [2019-12-14 15:29 UTC] shol_ at hotmail dot com
-PHP Version: 7.2.25 +PHP Version: 7.2.25 + 7.3
 [2019-12-14 15:29 UTC] shol_ at hotmail dot com
@drtechno 
It's not about fetching the results, it's all about the bindParam() on a string variable.
In the example code, I get only one result back.
In PHP v7.2 and v7.3 I get all results from the table back.
To get the same result from the select statement, I have to bind the param with PDO::PARAM_STR. The code for fetching the results doesn't change.
 [2019-12-14 18:22 UTC] cmb@php.net
-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb
 [2019-12-14 18:22 UTC] cmb@php.net
This is a duplicate of bug #77954.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Oct 11 08:01:27 2024 UTC