#35001 [NEW]: PDO unexpected crash on update

Thu, 27 Oct 2005 07:49:26 -0700 

From:             antleclercq at online dot fr
Operating system: Win2000
PHP version:      5CVS-2005-10-27 (snap)
PHP Bug Type:     PDO related
Bug description:  PDO unexpected crash on update

Description:
------------
Hi,

I get this stange bug with the following code. I thought it was fixed when
I read the bug report: bugs.php.net/?id=34861, but it seems only
partially.

Create the folowing table in a "test" db under mysql :
CREATE TABLE `test` (
  `id` int(11) NOT NULL default '0',
  `test1` text NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
INSERT INTO `test` VALUES (1, 'test', '');

Using the code below, try posting the following string :
x"'"x:a

(magic_quotes_gpc is on)

I took the latest snapshot for Win2000.

Info : that doesn't crash when using $db->exec($sql).

Antoine

Reproduce code:
---------------
<?php
if (isset($_POST))
{
        $string = $_POST["string"];
        $db = new PDO("mysql:dbname=test;host=localhost", "##user##",
"##password##");
        $sql = "UPDATE test SET test1 = '".$string."' WHERE id = '1'";
        $res = $db->prepare($sql);
        $res->execute();
}
?>
<form action="" method="POST">
        <input type="text" value="<?php if (isset($_POST)){echo
$_POST["string"];}?>" name="string">
</form>

Expected result:
----------------
It should update the record.

Actual result:
--------------
Warning: PDOStatement::execute() [function.execute]: SQLSTATE[HY093]:
Invalid parameter number: no parameters were bound in C:\Program
Files\Apache Group\Apache2\htdocs\test.php on line 16

-- 
Edit bug report at http://bugs.php.net/?id=35001&edit=1
-- 
Try a CVS snapshot (php4):   http://bugs.php.net/fix.php?id=35001&r=trysnapshot4
Try a CVS snapshot (php5.0): 
http://bugs.php.net/fix.php?id=35001&r=trysnapshot50
Try a CVS snapshot (php5.1): 
http://bugs.php.net/fix.php?id=35001&r=trysnapshot51
Fixed in CVS:                http://bugs.php.net/fix.php?id=35001&r=fixedcvs
Fixed in release:            http://bugs.php.net/fix.php?id=35001&r=alreadyfixed
Need backtrace:              http://bugs.php.net/fix.php?id=35001&r=needtrace
Need Reproduce Script:       http://bugs.php.net/fix.php?id=35001&r=needscript
Try newer version:           http://bugs.php.net/fix.php?id=35001&r=oldversion
Not developer issue:         http://bugs.php.net/fix.php?id=35001&r=support
Expected behavior:           http://bugs.php.net/fix.php?id=35001&r=notwrong
Not enough info:             
http://bugs.php.net/fix.php?id=35001&r=notenoughinfo
Submitted twice:             
http://bugs.php.net/fix.php?id=35001&r=submittedtwice
register_globals:            http://bugs.php.net/fix.php?id=35001&r=globals
PHP 3 support discontinued:  http://bugs.php.net/fix.php?id=35001&r=php3
Daylight Savings:            http://bugs.php.net/fix.php?id=35001&r=dst
IIS Stability:               http://bugs.php.net/fix.php?id=35001&r=isapi
Install GNU Sed:             http://bugs.php.net/fix.php?id=35001&r=gnused
Floating point limitations:  http://bugs.php.net/fix.php?id=35001&r=float
No Zend Extensions:          http://bugs.php.net/fix.php?id=35001&r=nozend
MySQL Configuration Error:   http://bugs.php.net/fix.php?id=35001&r=mysqlcfg

Reply via email to