authorGeorg Richter <georg@php.net>2004-02-15 20:23:05 +0000
committerGeorg Richter <georg@php.net>2004-02-15 20:23:05 +0000
commitd5084182ce06a5800b4bdfb8c762397ed4cfb74c (patch)
tree84024b736bfd25ea68fbdd223ce4409b9cf470a6 /ext/mysqli/mysqli_api.c
parentd438dad1b2c44695f2b66e38b3271907c510dcae (diff)
fixed several binding problems
Diffstat (limited to 'ext/mysqli/mysqli_api.c')
-rw-r--r--ext/mysqli/mysqli_api.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c
index d89f1af3f2..9ea07adcbd 100644
--- a/ext/mysqli/mysqli_api.c
+++ b/ext/mysqli/mysqli_api.c
@@ -111,6 +111,11 @@ PHP_FUNCTION(mysqli_bind_param)
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Number of elements in type definition string doesn't match number of bind variables");
}
+ if (argc - start != stmt->stmt->param_count) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Number of variables doesn't match number of parameters in prepared statement");
+ RETURN_FALSE;
+ }
+
/* prevent leak if variables are already bound */
if (stmt->param.var_cnt) {
php_free_stmt_bind_buffer(stmt->param, FETCH_SIMPLE);
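Review bot: The type-definition check in the context lines just above the added block still only warns: its `php_error_docref(...)` is followed directly by the closing `}`, so a type string whose length differs from the number of bind variables falls through to the binding code. The new parameter-count check does return, and the older one should match it by adding `RETURN_FALSE;` after its warning; otherwise the later per-variable handling may consume type characters that do not line up with the variables. The comparison `argc - start != stmt->stmt->param_count` also mixes a signed expression with what is presumably an unsigned library field, so an explicit cast or an `argc > start` guard would make the intent clear. The function body starts and ends outside this hunk, so anything allocated before these checks would need to be released on the early return as well.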
@@ -236,6 +241,11 @@ PHP_FUNCTION(mysqli_bind_result)
var_cnt = argc - start;
+ if (var_cnt != stmt->stmt->field_count) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Number of bind variables doesn't match number of fields in prepared statmement.");
+ RETURN_FALSE;
+ }
+
/* prevent leak if variables are already bound */
if (stmt->result.var_cnt) {
php_free_stmt_bind_buffer(stmt->result, FETCH_RESULT);
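Review bot: The warning text added here misspells "statement" as "statmement" and ends with a period, unlike the message added in mysqli_bind_param; it should read `"Number of bind variables doesn't match number of fields in prepared statement"`. This check also appears to be what keeps `ofs` inside `stmt->stmt->fields` in the type switch further down (presumably looped up to `var_cnt`; the loop header is outside the hunk). A short comment such as `/* var_cnt must equal field_count: the code below indexes fields[ofs] and bind[ofs] */` would keep it from being treated as a cosmetic warning and dropped later. The function continues outside the hunk.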
@@ -295,7 +305,8 @@ PHP_FUNCTION(mysqli_bind_result)
case MYSQL_TYPE_TIMESTAMP:
case MYSQL_TYPE_DECIMAL:
stmt->result.buf[ofs].type = IS_STRING;
- stmt->result.buf[ofs].buflen = (stmt->stmt->fields) ? stmt->stmt->fields[ofs].length + 1: 256;
+ stmt->result.buf[ofs].buflen =
+ (stmt->stmt->fields) ? (stmt->stmt->fields[ofs].length) ? stmt->stmt->fields[ofs].length + 1: 256: 256;
stmt->result.buf[ofs].buffer = (char *)emalloc(stmt->result.buf[ofs].buflen);
bind[ofs].buffer_type = MYSQL_TYPE_STRING;
bind[ofs].buffer = stmt->result.buf[ofs].buffer;
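Review bot: The nested conditional assigned to `buflen` is hard to read without parentheses, and it takes the allocation size straight from `fields[ofs].length`, which is metadata supplied by the server, with no upper bound and no check that `+ 1` cannot wrap. Splitting it makes the fallback explicit: `len = stmt->stmt->fields ? stmt->stmt->fields[ofs].length : 0;` followed by `stmt->result.buf[ofs].buflen = len ? len + 1 : 256;`, with a cap on `len` before the `emalloc` if `buflen` is narrower than the field length (its type is not visible here). The 256-byte fallback should be a named constant, and the bind's buffer length needs to be set from the same `buflen` so longer values are truncated by the client library rather than written past the buffer; that assignment is outside the hunk. The case block begins and ends outside the hunk.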