checking needs an update

uwendel at mysql dot com Tue, 19 Feb 2008 07:52:38 -0800

From:             uwendel at mysql dot com
Operating system: Linux
PHP version:      5.3CVS-2008-02-19 (CVS)
PHP Bug Type:     PDO related
Bug description:  PDO->query() parameter parsing/checking needs an update


Description:
------------
Parameter parsing/checking by PDO->query() should be updated to todays
standards. I would like to see it be more strict and follow ideas from new
code, e.g. do not accept object/arrays for scalar (int) parameter.

[1] PDO->query() -> Warning: query(): could not obtain parameters for
parsing

[2] assert(PDO::FETCH_CLASS != 1); PDO->query("SELECT ...", 1, 1, 1) ->
four arguments make only sense for mode = PDO::FETCH_CLASS but 1 !=
PDO::FETCH_CLASS, I'd expect to see a warning

[3] $mode = new stdClass();
PDO->query('SELECT ...', $mode) -> Notice + PDOStatement returned ($mode
cast to 1 I guess)

[4] PDO->query('SELECT ..., 2, 3, 4, 5) --> two many arguments in any case
according to http://de.php.net/manual/en/function.PDO-query.php





Reproduce code:
---------------
[1] [EMAIL PROTECTED]:~/php53> sapi/cli/php -r 'error_reporting(E_ALL);
$pdo=new PDO("mysql:dbname=phptest;unix_socket=/tmp/mysql.sock", "root",
"root"); @$pdo->exec("DROP TABLE test"); $pdo->exec("CREATE TABLE test(id
INT)"); $pdo->exec("INSERT INTO test(id) VALUES (1)");
var_dump($pdo->query());'

Warning: query(): could not obtain parameters for parsing in Command line
code on line 1
bool(false)

[2] [EMAIL PROTECTED]:~/php53> sapi/cli/php -r 'error_reporting(E_ALL);
$pdo=new PDO("pgsql:host=localhost port=5432 dbname=phptest user=postgres
password="); @$pdo->exec("DROP TABLE test"); $pdo->exec("CREATE TABLE
test(id INT)"); $pdo->exec("INSERT INTO test(id) VALUES (1)"); $mode = new
stdClass(); var_dump($pdo->query("SELECT id FROM test", 1, 1, 1));'
object(PDOStatement)#3 (1) {
  ["queryString"]=>
  string(19) "SELECT id FROM test"
}

[2] [EMAIL PROTECTED]:~/php53> sapi/cli/php -r 'error_reporting(E_ALL);
$pdo=new PDO("pgsql:host=localhost port=5432 dbname=phptest user=postgres
password="); @$pdo->exec("DROP TABLE test"); $pdo->exec("CREATE TABLE
test(id INT)"); $pdo->exec("INSERT INTO test(id) VALUES (1)"); $mode = new
stdClass(); assert(PDO::FETCH_CLASS != 1); var_dump($pdo->query("SELECT id
FROM test", 1, 1, 1));'
object(PDOStatement)#3 (1) {
  ["queryString"]=>
  string(19) "SELECT id FROM test"
}

[3] [EMAIL PROTECTED]:~/php53> sapi/cli/php -r 'error_reporting(E_ALL);
$pdo=new PDO("sqlite:/tmp/foo.db"); @$pdo->exec("DROP TABLE test");
$pdo->exec("CREATE TABLE test(id INT)"); $pdo->exec("INSERT INTO test(id)
VALUES (1)"); $mode = new stdClass(); var_dump($pdo->query("SELECT id FROM
test", $mode));'

Notice: Object of class stdClass could not be converted to int in Command
line code on line 1
object(PDOStatement)#3 (1) {
  ["queryString"]=>
  string(19) "SELECT id FROM test"
}

[4] [EMAIL PROTECTED]:~/php53> sapi/cli/php -r 'error_reporting(E_ALL);
$pdo=new PDO("pgsql:host=localhost port=5432 dbname=phptest user=postgres
password="); @$pdo->exec("DROP TABLE test"); $pdo->exec("CREATE TABLE
test(id INT)"); $pdo->exec("INSERT INTO test(id) VALUES (1)"); $mode = new
stdClass(); assert(PDO::FETCH_CLASS != 2); var_dump($pdo->query("SELECT id
FROM test", 2, 3, 4, 5));'
object(PDOStatement)#3 (1) {
  ["queryString"]=>
  string(19) "SELECT id FROM test"
}


Expected result:
----------------
Just have a closer look at the function, play with the parameter and make
it be a bit stricter and throw more hints for the user.


-- 
Edit bug report at http://bugs.php.net/?id=44173&edit=1
-- 
Try a CVS snapshot (PHP 5.2): 
http://bugs.php.net/fix.php?id=44173&r=trysnapshot52
Try a CVS snapshot (PHP 5.3): 
http://bugs.php.net/fix.php?id=44173&r=trysnapshot53
Try a CVS snapshot (PHP 6.0): 
http://bugs.php.net/fix.php?id=44173&r=trysnapshot60
Fixed in CVS:                 http://bugs.php.net/fix.php?id=44173&r=fixedcvs
Fixed in release:             
http://bugs.php.net/fix.php?id=44173&r=alreadyfixed
Need backtrace:               http://bugs.php.net/fix.php?id=44173&r=needtrace
Need Reproduce Script:        http://bugs.php.net/fix.php?id=44173&r=needscript
Try newer version:            http://bugs.php.net/fix.php?id=44173&r=oldversion
Not developer issue:          http://bugs.php.net/fix.php?id=44173&r=support
Expected behavior:            http://bugs.php.net/fix.php?id=44173&r=notwrong
Not enough info:              
http://bugs.php.net/fix.php?id=44173&r=notenoughinfo
Submitted twice:              
http://bugs.php.net/fix.php?id=44173&r=submittedtwice
register_globals:             http://bugs.php.net/fix.php?id=44173&r=globals
PHP 4 support discontinued:   http://bugs.php.net/fix.php?id=44173&r=php4
Daylight Savings:             http://bugs.php.net/fix.php?id=44173&r=dst
IIS Stability:                http://bugs.php.net/fix.php?id=44173&r=isapi
Install GNU Sed:              http://bugs.php.net/fix.php?id=44173&r=gnused
Floating point limitations:   http://bugs.php.net/fix.php?id=44173&r=float
No Zend Extensions:           http://bugs.php.net/fix.php?id=44173&r=nozend
MySQL Configuration Error:    http://bugs.php.net/fix.php?id=44173&r=mysqlcfg

#44173 [NEW]: PDO->query() parameter parsing/checking needs an update

Reply via email to