From:             ed at bronto dot com
Operating system: CentOS
PHP version:      5.2.1
PHP Bug Type:     PDO related
Bug description:  PDO mysql + quote() + prepare() can result in seg fault

Description:
------------
Using PDO->quote on a portion of a query to be prepared will result in a
seg fault if:

- there is a bound parameter after the quoted value
- emulated prepares is on (1)
- mysql

If emulated prepares is off (0), the query fails.  This should also be
considered a bug.

Reproduce code:
---------------
<?php
// test.php

// The MySQL table first:
//   create table ed (id int not null, name varchar(255) not null);

// HOST, NAME, USERNAME and PASSWORD are constants to define for the test database.
$db = new PDO('mysql:host=' . HOST . ';dbname=' . NAME, USERNAME, PASSWORD);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);

$search = "o'riley";

// Case 1: quoted value only, no bound parameter.
$values = array();
$sql = "select id from ed where name like " . $db->quote('%' . $search . '%');
$sth = $db->prepare($sql);
$sth->execute($values);
echo("here\n");

// Case 2: quoted value followed by a bound parameter.
$values = array('id' => 1233434);
$sql = "select id from ed where name like " . $db->quote('%' . $search . '%') . " and id = :id";
$sth = $db->prepare($sql);
$sth->execute($values);
echo("there\n");


Expected result:
----------------
No errors should occur.

Should print "here\nthere\n".

Actual result:
--------------
[EMAIL PROTECTED] php test.php
here
Segmentation fault


-- 
Edit bug report at http://bugs.php.net/?id=41125&edit=1
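
Added example, not part of the original report or of PHP's own code: the same lookup with the LIKE pattern passed as a bound parameter instead of through quote(), so the text given to prepare() never contains a quoted value followed by a placeholder. Assumptions: an in-memory SQLite database stands in for the MySQL table `ed` so the script runs offline, the rows are constructed, and like_contains() and find_ids() are hypothetical helper names.

```php
<?php
// SQLite in memory stands in for the MySQL table `ed` (assumption);
// the two rows below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("create table ed (id int not null, name varchar(255) not null)");

$ins = $db->prepare("insert into ed (id, name) values (:id, :name)");
foreach (array(array(1233434, "Tim O'Riley"), array(7, "100% o_riley")) as $row) {
    $ins->execute(array(':id' => $row[0], ':name' => $row[1]));
}

// Hypothetical helper: escape LIKE metacharacters so the search term is
// matched literally. '!' is the escape character named in the ESCAPE clause.
function like_contains($term)
{
    $escaped = str_replace(array('!', '%', '_'), array('!!', '!%', '!_'), $term);
    return '%' . $escaped . '%';
}

// Hypothetical helper: both values travel as bound parameters, so the
// statement text holds no user-supplied literal.
function find_ids(PDO $db, $search, $id)
{
    $sth = $db->prepare(
        "select id from ed where name like :pattern escape '!' and id = :id"
    );
    $sth->execute(array(':pattern' => like_contains($search), ':id' => $id));
    return $sth->fetchAll(PDO::FETCH_COLUMN);
}

// The apostrophe needs no manual quoting; this finds row 1233434.
var_dump(find_ids($db, "o'riley", 1233434));

// A literal '%' in the search term matches only names containing '%':
// row 7 is found, row 1233434 is not.
var_dump(find_ids($db, "%", 7));
var_dump(find_ids($db, "%", 1233434));
```

quote() does not escape the LIKE wildcards `%` and `_` either, which is why the helper handles them separately.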