php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79769 PDO throws non-PDO exeptions
Submitted: 2020-07-02 04:39 UTC Modified: 2020-07-02 15:11 UTC
From: morozov at tut dot by Assigned:
Status: Not a bug Package: PDO Core
PHP Version: 7.4.7 OS: Linux
Private report: No CVE-ID: None
 [2020-07-02 04:39 UTC] morozov at tut dot by
Description:
------------
When interacting with a PDOStatement object, the consumer should be able to expect all exceptions to be reported as PDOException. However, in certain cases, the extension leaks its internal implementation details and throws an Error.

Test script:
---------------
<?php

$conn = new PDO('sqlite:memory:');
$stmt = $conn->prepare('SELECT ?');

$stmt->bindValue(1, new DateTime());

try {
    $stmt->bindValue(1, new DateTime());
} catch (Throwable $e) {
    echo get_class($e), ': ', $e->getMessage(), PHP_EOL;
}

try {
    $stmt->execute([new DateTime()]);
} catch (Throwable $e) {
    echo get_class($e), ': ', $e->getMessage(), PHP_EOL;
}

// the above seems to be implemented just by casting the value to a string since it behaves exactly as the following:

try {
    (string) (new DateTime());
} catch (Throwable $e) {
    echo get_class($e), ': ', $e->getMessage(), PHP_EOL;
}


Expected result:
----------------
A PDOException is thrown instead of an Error

PDOException: Some message that says that this type cannot be bound to the statement


Actual result:
--------------
Error: Object of class DateTime could not be converted to string

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-07-02 06:00 UTC] requinix@php.net
-Status: Open +Status: Not a bug
 [2020-07-02 06:00 UTC] requinix@php.net
The exception is not coming from PDO. It's coming from PHP. It happened when PDO tried to convert the value to a string, and if your own library tried to do the same thing then PHP would react the same way.
 [2020-07-02 06:41 UTC] morozov at tut dot by
The fact that the library converts something to a string internally is an implementation detail and shouldn't be leaked outside. Otherwise, what type of exceptions should the consumer be catching when using the library?
 [2020-07-02 06:55 UTC] requinix@php.net
It isn't an "implementation detail" when the documentation for bindValue says that the values given to it will be treated as strings by default.
 [2020-07-02 07:21 UTC] nikic@php.net
The user shouldn't be catching the exception, they should be fixing the code that resulted in the exception being thrown. This is the case for all exceptions that subclass Error.
 [2020-07-02 15:11 UTC] morozov at tut dot by
> The user shouldn't be catching the exception, they should be fixing the code that resulted in the exception being thrown. This is the case for all exceptions that subclass Error.

This explains everything. Thank you.

I agree with the “not a bug” resolution.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Wed Aug 12 04:01:27 2020 UTC