diff options
author | BohwaZ <bohwaz@github.com> | 2018-11-22 16:57:55 +0100 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2018-11-29 02:16:57 +0100 |
commit | 94ec262fca2e832ab2e1c4f03bc68cbda6aa42ae (patch) | |
tree | ad6275ae1c717f437c968fcf1debea1ed3bb858e | |
parent | 4ac764e8bbe86706fe7c144bf7f410416cd4f120 (diff) | |
download | php-git-94ec262fca2e832ab2e1c4f03bc68cbda6aa42ae.tar.gz |
Fix #77051: Issue with re-binding on SQLite3
We have to call `sqlite3_reset()` before re-binding the parameters.
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | ext/sqlite3/sqlite3.c | 3 | ||||
-rw-r--r-- | ext/sqlite3/tests/bug77051.phpt | 84 |
3 files changed, 90 insertions, 0 deletions
@@ -37,6 +37,9 @@ PHP NEWS . Fixed bug #77136 (Unsupported IPV6_RECVPKTINFO constants on macOS). (Mizunashi Mana) +- SQLite3: + . Fixed bug #77051 (Issue with re-binding on SQLite3). (BohwaZ) + 06 Dec 2018, PHP 7.2.13 - ftp: diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c index 5a0ee776b4..4c6b3f11fb 100644 --- a/ext/sqlite3/sqlite3.c +++ b/ext/sqlite3/sqlite3.c @@ -1568,6 +1568,9 @@ PHP_METHOD(sqlite3stmt, execute) SQLITE3_CHECK_INITIALIZED(stmt_obj->db_obj, stmt_obj->initialised, SQLite3); + /* Always reset statement before execution, see bug #77051 */ + sqlite3_reset(stmt_obj->stmt); + if (stmt_obj->bound_params) { ZEND_HASH_FOREACH_PTR(stmt_obj->bound_params, param) { zval *parameter; diff --git a/ext/sqlite3/tests/bug77051.phpt b/ext/sqlite3/tests/bug77051.phpt new file mode 100644 index 0000000000..98e45ae88a --- /dev/null +++ b/ext/sqlite3/tests/bug77051.phpt @@ -0,0 +1,84 @@ +--TEST-- +Bug #77051 SQLite3::bindParam memory bug when missing ::reset call +--SKIPIF-- +<?php require_once(__DIR__ . '/skipif.inc'); ?> +--FILE-- +<?php + +$db = new SQLite3(':memory:'); +$db->enableExceptions(true); + +$stmt = $db->prepare('SELECT :a, :b, ?;'); + +$a = 42; +$stmt->bindParam(':a', $a, SQLITE3_INTEGER); +$stmt->bindValue(':b', 'php'); +$stmt->bindValue(':b', 'PHP'); +$stmt->bindValue(3, 424242); + +echo "Execute statement\n"; +var_dump($res = $stmt->execute()); + +echo "Statement result\n"; +var_dump($res->fetchArray(SQLITE3_NUM)); + +echo "Change binded param to wrong type\n"; +$a = 'TEST'; + +echo "Execute statement\n"; +var_dump($res = $stmt->execute()); + +echo "Statement result\n"; +var_dump($res->fetchArray(SQLITE3_NUM)); + +echo "Change binded values\n"; +$a = 5252552; +$stmt->bindValue(':b', 'TEST'); +$stmt->bindValue(3, '!!!'); + +echo "Execute statement\n"; +var_dump($res = $stmt->execute()); + +echo "Statement result\n"; +var_dump($res->fetchArray(SQLITE3_NUM)); + +?> +--EXPECTF-- +Execute statement +object(SQLite3Result)#3 (0) { +} +Statement result +array(3) { + [0]=> + int(42) + [1]=> + string(3) "PHP" + [2]=> + int(424242) +} +Change binded param to wrong type +Execute statement +object(SQLite3Result)#4 (0) { +} +Statement result +array(3) { + [0]=> + int(0) + [1]=> + string(3) "PHP" + [2]=> + int(424242) +} +Change binded values +Execute statement +object(SQLite3Result)#3 (0) { +} +Statement result +array(3) { + [0]=> + int(5252552) + [1]=> + string(4) "TEST" + [2]=> + string(3) "!!!" +}
\ No newline at end of file |