php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79293 SQLite3Result::fetchArray() may fetch rows after last row
Submitted: 2020-02-21 10:31 UTC Modified: -
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: cmb@php.net Assigned:
Status: Open Package: SQLite related
PHP Version: 7.3Git-2020-02-21 (Git) OS: *
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: cmb@php.net
New email:
PHP Version: OS:

 

 [2020-02-21 10:31 UTC] cmb@php.net
Description:
------------
SQLite3Result::fetchArray() returns FALSE if a query result has
been fully fetched; however, calling SQLite3::fetchArray()
afterwards on this result set may allow to traverse it again
without having called SQLite3Result::reset().

From the sqlite3_step() docs[1] (emphasis mine):

| SQLITE_DONE means that the statement has finished executing
| successfully. sqlite3_step() *should* *not* be called again on
| this virtual machine without first calling sqlite3_reset() to
| reset the virtual machine back to its initial state.

So this behavior of SQLite3Result::fetchArray() relies on
something that should not be done, and therefore might trigger
arbitrary behavior.  And even if the behavior is reliable, it
would still be confusing, see e.g. parts of the second example of
bug #64531.

[1] <https://www.sqlite.org/c3ref/step.html>


Test script:
---------------
<?php
$db = new SQLite3(':memory:');
$db->exec("CREATE TABLE foo (bar INT)");
for ($i = 1; $i <= 3; $i++) {
    $db->exec("INSERT INTO foo VALUES ($i)");
}

$res = $db->query("SELECT * FROM foo");
while (($row = $res->fetchArray(SQLITE3_ASSOC))) {
    var_dump($row);
}
var_dump($res->fetchArray(SQLITE3_ASSOC));
?>


Expected result:
----------------
array(1) {
  ["bar"]=>
  int(1)
}
array(1) {
  ["bar"]=>
  int(2)
}
array(1) {
  ["bar"]=>
  int(3)
}
bool(false)

Actual result:
--------------
array(1) {
  ["bar"]=>
  int(1)
}
array(1) {
  ["bar"]=>
  int(2)
}
array(1) {
  ["bar"]=>
  int(3)
}
array(1) {
  ["bar"]=>
  int(1)
}


Patches

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-02-24 11:57 UTC] cmb@php.net
The following pull request has been associated:

Patch Name: [POC] Fix #64531: SQLite3Result::fetchArray runs the query again
On GitHub:  https://github.com/php/php-src/pull/5204
Patch:      https://github.com/php/php-src/pull/5204.patch
 [2023-05-29 06:32 UTC] pedrosheltonef40601 at gmail dot com
the given information is very helpful for me thank you so much for this(https://www.mymilestonecard.biz/)github.com
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Dec 04 00:01:32 2024 UTC