summaryrefslogtreecommitdiff
path: root/ext/pdo/pdo_sql_parser.re
diff options
context:
space:
mode:
authorRasmus Lerdorf <rasmus@php.net>2013-11-07 18:05:08 -0800
committerRasmus Lerdorf <rasmus@php.net>2013-11-07 18:05:08 -0800
commit890ea8411f908ee8ab84389b42066f66d4a033e6 (patch)
tree08edb6ef8f084534ca1ba7f912e7e3451053062a /ext/pdo/pdo_sql_parser.re
parent8cb128159d07d80aaf751b252a94ff63d7f6ae06 (diff)
downloadphp-git-890ea8411f908ee8ab84389b42066f66d4a033e6.tar.gz
Fix bug #65946 - pdo_sql_parser.c permanently converts values bound to strings
Diffstat (limited to 'ext/pdo/pdo_sql_parser.re')
-rw-r--r--ext/pdo/pdo_sql_parser.re23
1 files changed, 13 insertions, 10 deletions
diff --git a/ext/pdo/pdo_sql_parser.re b/ext/pdo/pdo_sql_parser.re
index 1936a37340..fa8ef187fa 100644
--- a/ext/pdo/pdo_sql_parser.re
+++ b/ext/pdo/pdo_sql_parser.re
@@ -228,7 +228,9 @@ safe:
}
plc->freeq = 1;
} else {
- switch (Z_TYPE_P(param->parameter)) {
+ zval tmp_param = *param->parameter;
+ zval_copy_ctor(&tmp_param);
+ switch (Z_TYPE(tmp_param)) {
case IS_NULL:
plc->quoted = "NULL";
plc->qlen = sizeof("NULL")-1;
@@ -236,20 +238,20 @@ safe:
break;
case IS_BOOL:
- convert_to_long(param->parameter);
-
+ convert_to_long(&tmp_param);
+ /* fall through */
case IS_LONG:
case IS_DOUBLE:
- convert_to_string(param->parameter);
- plc->qlen = Z_STRLEN_P(param->parameter);
- plc->quoted = Z_STRVAL_P(param->parameter);
- plc->freeq = 0;
+ convert_to_string(&tmp_param);
+ plc->qlen = Z_STRLEN(tmp_param);
+ plc->quoted = estrdup(Z_STRVAL(tmp_param));
+ plc->freeq = 1;
break;
default:
- convert_to_string(param->parameter);
- if (!stmt->dbh->methods->quoter(stmt->dbh, Z_STRVAL_P(param->parameter),
- Z_STRLEN_P(param->parameter), &plc->quoted, &plc->qlen,
+ convert_to_string(&tmp_param);
+ if (!stmt->dbh->methods->quoter(stmt->dbh, Z_STRVAL(tmp_param),
+ Z_STRLEN(tmp_param), &plc->quoted, &plc->qlen,
param->param_type TSRMLS_CC)) {
/* bork */
ret = -1;
@@ -258,6 +260,7 @@ safe:
}
plc->freeq = 1;
}
+ zval_dtor(&tmp_param);
}
} else {
plc->quoted = Z_STRVAL_P(param->parameter);
View Lorry Controller Status