php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80257 variable in the prepared statement not refreshed when multiple call
Submitted: 2020-10-19 13:05 UTC Modified: 2020-10-19 15:07 UTC
From: webmaster at seobytes dot eu Assigned:
Status: Not a bug Package: MySQLi related
PHP Version: 7.3.23 OS: Linux/windows
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: webmaster at seobytes dot eu
New email:
PHP Version: OS:

 

 [2020-10-19 13:05 UTC] webmaster at seobytes dot eu
Description:
------------
When executing a prepared statement to UPDATE a date in some row, then unsetting the variable and then executing the prepared statement again, redeclaring the variable and setting a new date to UPDATE a different ROW, the date written in the database does not change compare with the first execution despite the variable  displaying the proper value just ahead of execution, although execution to UPDATE a date in a loop does not cause any issue.

 Tested on windows server and Linux server. PHP 7.2 and 7.3

Test script:
---------------
$conn = new mysqli($servername, $username, $password, $db);
$stmt=$conn->prepare("UPDATE _products SET product_available_date=? WHERE product_sku=?");
$stmt->bind_param("ss", $product_available_date,$product_sku);
$product_available_date='2020-10-19';
$product_sku='some_value';
$stmt->execute();
unset($product_available_date);
$product_available_date = '2020-12-10';
$product_sku=mysqli_real_escape_string($conn,'someother_value');
echo $product_sku.' '.$product_available_date.'<br>';
$stmt->execute();
$stmt->close();
$conn->close();

Expected result:
----------------
I expect that the value for the variable to be updated in the bind statement as it correctly happen within a loop without the need to close the first statement after execution and redeclaring the prepared statement.


Actual result:
--------------
When written on two lines, and even when unsetting the date, the new value for the date is not passed on to the prepared statement event though the string is correctly passed.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-10-19 13:35 UTC] webmaster at seobytes dot eu
"even though the string is correctly passed." I know the string with the product_sku is correctly passed as the corresponding row is edited with the incorrect date
 [2020-10-19 15:07 UTC] requinix@php.net
-Status: Open +Status: Not a bug
 [2020-10-19 15:07 UTC] requinix@php.net
As shown in the documentation for mysqli_stmt::bind_param, the bound variables you pass to the function are references. When you unset that variable you destroy the reference - and the binding with it.

Don't do that.
 [2020-10-20 06:18 UTC] webmaster at seobytes dot eu
It totally makes sense, thanks.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sun Oct 17 04:03:34 2021 UTC