From: pumuckel at metropolis dot de
Operating system: Linux Gentoo
PHP version: 5.2.5
PHP Bug Type: MySQLi related
Bug description: bind_param / bind_result and Object member variables
Description:
------------
Mysqli bind_param and bind_result functions are changing object member
variables to be references with strange side affects.
a) I expect the object to keep the member variable types as is. Currently
they change to reference variables with the result of strange side effects
when you do not keep this in mind. We have to clone objects before using
them for bindings, right now - this is a working workaround. I vote for a
bug, at least it should be documented.
b) I expect binding on the same variable with different types working.
Currently I can manage to get a memory access to arbitrary data, possibly
leading to a segmentation fault or security violation. Again, I vote for a
bug.
Reproduce code:
---------------
<?php
$hostname = "localhost";
$username = "dbuser";
$password = "dbpassword";
$dbname = "dbname";
class foo {
// @var $bar string
public $bar;
}
$foo = new foo;
$foo->bar = "foobar";
$db = new mysqli($hostname, $username, $password, $dbname);
echo "Test 1: \n";
$stmt = $db->prepare("SELECT ? FOO");
var_dump($foo); // here you can see the bar member var beeing a string
$stmt->bind_param("s", $foo->bar);
var_dump($foo); // this will show $foo->bar beeing a reference string
$stmt->bind_result($one);
$stmt->execute();
$stmt->fetch();
$stmt->free_result();
echo("$one\n\n");
// it is getting worse. Binding the same var twice with different
// types you can get unexpected results (e.g. binary trash for the
// string and misc data for the integer. See next 2 tests.
echo "Test 2: \n";
$stmt = $db->prepare("SELECT ? FOO, ? BAR");
var_dump($foo);
$stmt->bind_param("si", $foo->bar, $foo->bar);
var_dump($foo);
$stmt->bind_result($one, $two);
$stmt->execute();
$stmt->fetch();
$stmt->free_result();
echo("$one - $two\n\n");
echo "Test 3: \n";
$stmt = $db->prepare("SELECT ? FOO, ? BAR");
var_dump($foo);
$stmt->bind_param("is", $foo->bar, $foo->bar);
var_dump($foo);
$stmt->bind_result($one, $two);
$stmt->execute();
$stmt->fetch();
$stmt->free_result();
echo("$one - $two\n\n");
?>
Expected result:
----------------
Test 1:
object(foo)#5 (1) {
["bar"]=>
string(6) "foobar"
}
object(foo)#5 (1) {
["bar"]=>
string(6) "foobar"
}
foobar
Test 2:
object(foo)#5 (1) {
["bar"]=>
string(6) "foobar"
}
object(foo)#5 (1) {
["bar"]=>
string(6) "foobar"
}
foobar - 0
Test 3:
object(foo)#5 (1) {
["bar"]=>
string(6) "foobar"
}
object(foo)#5 (1) {
["bar"]=>
string(6) "foobar"
}
0 - foobar
Actual result:
--------------
Test 1:
object(foo)#5 (1) {
["bar"]=>
string(6) "foobar"
}
object(foo)#5 (1) {
["bar"]=>
&string(6) "foobar"
}
foobar
Test 2:
object(foo)#5 (1) {
["bar"]=>
string(6) "foobar"
}
object(foo)#5 (1) {
["bar"]=>
&string(6) "foobar"
}
�Pb�ar - 0
Test 3:
object(foo)#5 (1) {
["bar"]=>
int(0)
}
object(foo)#5 (1) {
["bar"]=>
&int(0)
}
140653124 - 0
--
Edit bug report at http://bugs.php.net/?id=44390&edit=1
--
Try a CVS snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=44390&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=44390&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=44390&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=44390&r=fixedcvs
Fixed in release:
http://bugs.php.net/fix.php?id=44390&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=44390&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=44390&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=44390&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=44390&r=support
Expected behavior: http://bugs.php.net/fix.php?id=44390&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=44390&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=44390&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=44390&r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=44390&r=php4
Daylight Savings: http://bugs.php.net/fix.php?id=44390&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=44390&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=44390&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=44390&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=44390&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=44390&r=mysqlcfg
