 ID:               41125
 User updated by:  ed at bronto dot com
 Reported By:      ed at bronto dot com
-Status:           No Feedback
+Status:           Open
 Bug Type:         PDO related
 Operating System: Centos
 PHP Version:      5.2.1
 New Comment:

reopened due to backtrace


Previous Comments:
------------------------------------------------------------------------

[2008-05-23 19:48:07] afranco at middlebury dot edu

I have the same issue as this bug and am posting here rather than
opening a new bug report. I found that the issue is not reliant on usage
of quote(), but rather the presence of escaped quotes in the SQL query
string.

Tested on PHP 5.2CVS-2008-05-23(Snap)

Reproduce code:
---------------
The following URL has several extended test scripts and source, as well
as the MySQL table definition/data to reproduce this bug:

http://slug.middlebury.edu/~afranco/PHP_PDO_segfault/

Expected result:
----------------
No errors should occur.

Actual result:
--------------
Here is the backtrace from running my segfault_test_short.php script:

Program received signal SIGSEGV, Segmentation fault.
#0 0x4020540c in memcpy () from /lib/tls/libc.so.6
#1 0x40cd543b in pdo_parse_params (stmt=0x8326320,
    inquery=0x83264ac "SELECT * \nFROM \n\t`az2_explicit_az` \nWHERE \n\t`fk_agent` IN ('Tim O\\'Brien - abcdefghijklmnopqrstuvwxyzabc')\n\t AND `fk_qualifier`=?",
    inquery_len=129, outquery=0x832636c, outquery_len=0x8326370)
    at /usr/local/src/php5.2-200805231430/ext/pdo/pdo_sql_parser.c:502
#2 0x40ccee0c in zim_PDOStatement_execute (ht=0, return_value=0x8326710, return_value_ptr=0x0, this_ptr=0x8325cb8, return_value_used=0)
    at /usr/local/src/php5.2-200805231430/ext/pdo/pdo_stmt.c:482
#3 0x40ea7c5b in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffb730) at zend_vm_execute.h:200
#4 0x40ea81a7 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfffb730) at zend_vm_execute.h:322
#5 0x40ea786e in execute (op_array=0x83242ec) at zend_vm_execute.h:92
#6 0x40e87c08 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/local/src/php5.2-200805231430/Zend/zend.c:1134
#7 0x40e3fb0e in php_execute_script (primary_file=0xbfffda40)
    at /usr/local/src/php5.2-200805231430/main/main.c:2005
#8 0x40eef991 in apache_php_module_main (r=0x8522648, display_source_mode=0)
    at /usr/local/src/php5.2-200805231430/sapi/apache/sapi_apache.c:53
#9 0x40ef06fc in send_php (r=0x8522648, display_source_mode=0, filename=0x85243b0 "")
    at /usr/local/src/php5.2-200805231430/sapi/apache/mod_php5.c:664
#10 0x40ef0747 in send_parsed_php (r=0x8522648)
    at /usr/local/src/php5.2-200805231430/sapi/apache/mod_php5.c:679
#11 0x08057b67 in ap_invoke_handler ()
#12 0x0806a501 in process_request_internal ()
#13 0x0806a700 in ap_process_request ()
#14 0x08060a3b in child_main ()
#15 0x08060dd6 in make_child ()
#16 0x08060f0a in startup_children ()
#17 0x0806257c in standalone_main ()
#18 0x080638b2 in main ()

------------------------------------------------------------------------

[2007-04-25 01:00:00] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

------------------------------------------------------------------------

[2007-04-17 20:36:46] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

------------------------------------------------------------------------

[2007-04-17 20:34:45] ed at bronto dot com

Description:
------------
Using PDO->quote on a portion of a query to be prepared will result in a
seg fault if:
- there is a bound parameter after the quoted value
- emulated prepares is on (1)
- mysql

If emulated prepares is off (0), the query fails. This should also be
considered a bug.

Reproduce code:
---------------
<?php
// test.php
// The MySQL table first:
//   create table ed (id int not null, name varchar(255) not null);
// HOST, NAME, USERNAME and PASSWORD must be defined before running.

$db = new PDO('mysql:host=' . HOST . ';dbname=' . NAME, USERNAME, PASSWORD);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);

$search = "o'riley";

// Quoted value only, no bound parameter: runs and prints "here".
$values = array();
$sql = "select id from ed where name like " . $db->quote('%' . $search . '%');
$sth = $db->prepare($sql);
$sth->execute($values);
echo("here\n");

// Same quoted value followed by a bound parameter: the reported crash.
$values = array('id' => 1233434);
$sql = "select id from ed where name like " . $db->quote('%' . $search . '%') . " and id = :id";
$sth = $db->prepare($sql);
$sth->execute($values);
echo("there\n");

Expected result:
----------------
No errors should occur. Should print "here\nthere\n".

Actual result:
--------------
[EMAIL PROTECTED] php test.php
here
Segmentation fault

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=41125&edit=1
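
A triage check for the conditions the two reports above describe (a quoted literal containing a backslash-escaped quote, followed by a bound parameter), added here as an example; it is not part of the bug report and not PDO's parser, and it makes no claim about the root cause. The function names are hypothetical, and the first two sample queries assume that quote() backslash-escapes the apostrophe for MySQL.

```python
import re

NAMED = re.compile(r":[A-Za-z_][A-Za-z0-9_]*")

def tokens(sql):
    """Yield ('lit', text) for quoted runs and ('ph', text) for placeholders
    outside them. SQL comments are not parsed."""
    i, n = 0, len(sql)
    while i < n:
        c = sql[i]
        if c in "'\"`":
            j = i + 1
            while j < n:
                if sql[j] == "\\" and c != "`":
                    j += 2                      # backslash escape, e.g. \'
                elif sql[j] == c and sql[j + 1:j + 2] == c:
                    j += 2                      # doubled quote, e.g. ''
                elif sql[j] == c:
                    break                       # closing quote
                else:
                    j += 1
            yield ("lit", sql[i:j + 1])
            i = j + 1
        elif c == "?":
            yield ("ph", "?")
            i += 1
        elif c == ":" and sql[i - 1:i] != ":" and (m := NAMED.match(sql, i)):
            yield ("ph", m.group())
            i = m.end()
        else:
            i += 1

def placeholders(sql):
    return [text for kind, text in tokens(sql) if kind == "ph"]

def matches_report(sql):
    """True when a literal holding a backslash-escaped quote precedes a placeholder."""
    seen_escaped = False
    for kind, text in tokens(sql):
        if kind == "lit" and text[0] != "`" and re.search(r"\\['\"]", text):
            seen_escaped = True
        elif kind == "ph" and seen_escaped:
            return True
    return False

# Constructed from the queries on this page (quote() output is an assumption).
Q_NO_PARAM = "select id from ed where name like '%o\\'riley%'"
Q_WITH_PARAM = Q_NO_PARAM + " and id = :id"
Q_BACKTRACE = ("SELECT * \nFROM \n\t`az2_explicit_az` \nWHERE \n\t`fk_agent` IN "
               "('Tim O\\'Brien - abcdefghijklmnopqrstuvwxyzabc')\n\t AND `fk_qualifier`=?")
```

A statement this flags can be rewritten so that the pattern is bound as a parameter as well, which removes the escaped literal from the SQL text handed to prepare().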