php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80257 variable in the prepared statement not refreshed when multiple call
Submitted: 2020-10-19 13:05 UTC Modified: 2020-10-19 15:07 UTC
From: webmaster at seobytes dot eu Assigned:
Status: Not a bug Package: MySQLi related
PHP Version: 7.3.23 OS: Linux/windows
Private report: No CVE-ID: None
 [2020-10-19 13:05 UTC] webmaster at seobytes dot eu
Description:
------------
When executing a prepared statement to UPDATE a date in some row, then unsetting the variable and then executing the prepared statement again, redeclaring the variable and setting a new date to UPDATE a different ROW, the date written in the database does not change compare with the first execution despite the variable  displaying the proper value just ahead of execution, although execution to UPDATE a date in a loop does not cause any issue.

 Tested on windows server and Linux server. PHP 7.2 and 7.3

Test script:
---------------
$conn = new mysqli($servername, $username, $password, $db);
$stmt=$conn->prepare("UPDATE _products SET product_available_date=? WHERE product_sku=?");
$stmt->bind_param("ss", $product_available_date,$product_sku);
$product_available_date='2020-10-19';
$product_sku='some_value';
$stmt->execute();
unset($product_available_date);
$product_available_date = '2020-12-10';
$product_sku=mysqli_real_escape_string($conn,'someother_value');
echo $product_sku.' '.$product_available_date.'<br>';
$stmt->execute();
$stmt->close();
$conn->close();

Expected result:
----------------
I expect that the value for the variable to be updated in the bind statement as it correctly happen within a loop without the need to close the first statement after execution and redeclaring the prepared statement.


Actual result:
--------------
When written on two lines, and even when unsetting the date, the new value for the date is not passed on to the prepared statement event though the string is correctly passed.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-10-19 13:35 UTC] webmaster at seobytes dot eu
"even though the string is correctly passed." I know the string with the product_sku is correctly passed as the corresponding row is edited with the incorrect date
 [2020-10-19 15:07 UTC] requinix@php.net
-Status: Open +Status: Not a bug
 [2020-10-19 15:07 UTC] requinix@php.net
As shown in the documentation for mysqli_stmt::bind_param, the bound variables you pass to the function are references. When you unset that variable you destroy the reference - and the binding with it.

Don't do that.
 [2020-10-20 06:18 UTC] webmaster at seobytes dot eu
It totally makes sense, thanks.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 13:01:31 2024 UTC