php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79568 No exception when more PDO parameters passed than needed
Submitted: 2020-05-05 21:33 UTC Modified: 2020-05-06 08:31 UTC
From: thomas dot wleight at googlemail dot com Assigned: cmb (profile)
Status: Duplicate Package: PDO MySQL
PHP Version: 7.3.17 OS: Debian 9
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: thomas dot wleight at googlemail dot com
New email:
PHP Version: OS:

 

 [2020-05-05 21:33 UTC] thomas dot wleight at googlemail dot com
Description:
------------
If array "$pdo_parameters" contains only 1 element then everything works as expected and I receive a result. However when "$pdo_parameters" contains more than one I don't receive any results at all without any exception message. PHP errors are active, but I don't see any PDO error message.

Passing more PDO parameters than needed should result in a PDO error.

Test script:
---------------
// db credentials
$dbhost = "localhost"; $dbuser = "user"; $dbpass = "password"; $dbname = "database";

// pdo
$dsn = "mysql:host=".$dbhost.";dbname=".$dbname.";charset=utf8";
$options = [
  PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
  PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
  PDO::ATTR_EMULATE_PREPARES => false
];
$pdo = new PDO($dsn, $dbuser, $dbpass, $options);

$sql = "SELECT * FROM foo WHERE bar > ?";
$pdo_parameters = [ 1, 2, 3 ];
$stmt = $pdo->prepare( $sql );

// PDO exception should be thrown here
$stmt->execute( [ 1, 2, 3 ] );


Expected result:
----------------
Fatal error: Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number in /tmp/test:18 Stack trace: #0 /tmp/test.php(18): PDOStatement->execute(Array) #1 {main} thrown in /tmp/test.php on line 18

Actual result:
--------------
no error

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-05-05 21:36 UTC] thomas dot wleight at googlemail dot com
"$pdo_parameters = [ 1, 2, 3 ];" can be removed from the code.
but keep this one: "$stmt->execute( [ 1, 2, 3 ] );"
 [2020-05-06 08:31 UTC] cmb@php.net
-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb
 [2020-05-06 08:31 UTC] cmb@php.net
Duplicate of bug #77490.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Wed Apr 21 21:01:24 2021 UTC