From: pumuckel at metropolis dot de Operating system: Linux Gentoo PHP version: 5.2.5 PHP Bug Type: MySQLi related Bug description: bind_param / bind_result and Object member variables
Description: ------------ Mysqli bind_param and bind_result functions are changing object member variables to be references with strange side affects. a) I expect the object to keep the member variable types as is. Currently they change to reference variables with the result of strange side effects when you do not keep this in mind. We have to clone objects before using them for bindings, right now - this is a working workaround. I vote for a bug, at least it should be documented. b) I expect binding on the same variable with different types working. Currently I can manage to get a memory access to arbitrary data, possibly leading to a segmentation fault or security violation. Again, I vote for a bug. Reproduce code: --------------- <?php $hostname = "localhost"; $username = "dbuser"; $password = "dbpassword"; $dbname = "dbname"; class foo { // @var $bar string public $bar; } $foo = new foo; $foo->bar = "foobar"; $db = new mysqli($hostname, $username, $password, $dbname); echo "Test 1: \n"; $stmt = $db->prepare("SELECT ? FOO"); var_dump($foo); // here you can see the bar member var beeing a string $stmt->bind_param("s", $foo->bar); var_dump($foo); // this will show $foo->bar beeing a reference string $stmt->bind_result($one); $stmt->execute(); $stmt->fetch(); $stmt->free_result(); echo("$one\n\n"); // it is getting worse. Binding the same var twice with different // types you can get unexpected results (e.g. binary trash for the // string and misc data for the integer. See next 2 tests. echo "Test 2: \n"; $stmt = $db->prepare("SELECT ? FOO, ? BAR"); var_dump($foo); $stmt->bind_param("si", $foo->bar, $foo->bar); var_dump($foo); $stmt->bind_result($one, $two); $stmt->execute(); $stmt->fetch(); $stmt->free_result(); echo("$one - $two\n\n"); echo "Test 3: \n"; $stmt = $db->prepare("SELECT ? FOO, ? BAR"); var_dump($foo); $stmt->bind_param("is", $foo->bar, $foo->bar); var_dump($foo); $stmt->bind_result($one, $two); $stmt->execute(); $stmt->fetch(); $stmt->free_result(); echo("$one - $two\n\n"); ?> Expected result: ---------------- Test 1: object(foo)#5 (1) { ["bar"]=> string(6) "foobar" } object(foo)#5 (1) { ["bar"]=> string(6) "foobar" } foobar Test 2: object(foo)#5 (1) { ["bar"]=> string(6) "foobar" } object(foo)#5 (1) { ["bar"]=> string(6) "foobar" } foobar - 0 Test 3: object(foo)#5 (1) { ["bar"]=> string(6) "foobar" } object(foo)#5 (1) { ["bar"]=> string(6) "foobar" } 0 - foobar Actual result: -------------- Test 1: object(foo)#5 (1) { ["bar"]=> string(6) "foobar" } object(foo)#5 (1) { ["bar"]=> &string(6) "foobar" } foobar Test 2: object(foo)#5 (1) { ["bar"]=> string(6) "foobar" } object(foo)#5 (1) { ["bar"]=> &string(6) "foobar" } �Pbar - 0 Test 3: object(foo)#5 (1) { ["bar"]=> int(0) } object(foo)#5 (1) { ["bar"]=> &int(0) } 140653124 - 0 -- Edit bug report at http://bugs.php.net/?id=44390&edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=44390&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=44390&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=44390&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=44390&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=44390&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=44390&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=44390&r=needscript Try newer version: http://bugs.php.net/fix.php?id=44390&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=44390&r=support Expected behavior: http://bugs.php.net/fix.php?id=44390&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=44390&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=44390&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=44390&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=44390&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=44390&r=dst IIS Stability: http://bugs.php.net/fix.php?id=44390&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=44390&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=44390&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=44390&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=44390&r=mysqlcfg