From: antleclercq at online dot fr
Operating system: Win2000
PHP version: 5CVS-2005-10-27 (snap)
PHP Bug Type: PDO related
Bug description: PDO unexpected crash on update
Description:
------------
Hi,
I get this stange bug with the following code. I thought it was fixed when
I read the bug report: bugs.php.net/?id=34861, but it seems only
partially.
Create the folowing table in a "test" db under mysql :
CREATE TABLE `test` (
`id` int(11) NOT NULL default '0',
`test1` text NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
INSERT INTO `test` VALUES (1, 'test', '');
Using the code below, try posting the following string :
x"'"x:a
(magic_quotes_gpc is on)
I took the latest snapshot for Win2000.
Info : that doesn't crash when using $db->exec($sql).
Antoine
Reproduce code:
---------------
<?php
if (isset($_POST))
{
$string = $_POST["string"];
$db = new PDO("mysql:dbname=test;host=localhost", "##user##",
"##password##");
$sql = "UPDATE test SET test1 = '".$string."' WHERE id = '1'";
$res = $db->prepare($sql);
$res->execute();
}
?>
<form action="" method="POST">
<input type="text" value="<?php if (isset($_POST)){echo
$_POST["string"];}?>" name="string">
</form>
Expected result:
----------------
It should update the record.
Actual result:
--------------
Warning: PDOStatement::execute() [function.execute]: SQLSTATE[HY093]:
Invalid parameter number: no parameters were bound in C:\Program
Files\Apache Group\Apache2\htdocs\test.php on line 16
--
Edit bug report at http://bugs.php.net/?id=35001&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=35001&r=trysnapshot4
Try a CVS snapshot (php5.0):
http://bugs.php.net/fix.php?id=35001&r=trysnapshot50
Try a CVS snapshot (php5.1):
http://bugs.php.net/fix.php?id=35001&r=trysnapshot51
Fixed in CVS: http://bugs.php.net/fix.php?id=35001&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=35001&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=35001&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=35001&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=35001&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=35001&r=support
Expected behavior: http://bugs.php.net/fix.php?id=35001&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=35001&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=35001&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=35001&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=35001&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=35001&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=35001&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=35001&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=35001&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=35001&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=35001&r=mysqlcfg
