bug41125.phpt 5.4 KB

  1. --TEST--
  2. Bug #41125 (PDO mysql + quote() + prepare() can result in seg fault)
  3. --EXTENSIONS--
  4. pdo_mysql
  5. --SKIPIF--
  <?php
  // Load the shared pdo_mysql test helpers, then let them decide whether this
  // test has to be skipped in the current environment.
  require_once __DIR__ . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc';

  MySQLPDOTest::skip();
  ?>
  10. --FILE--
  <?php
  /*
   * Regression test for bug #41125 (quote() + prepare() could crash).
   *
   * Every query below mixes placeholders with SQL string literals that contain
   * doubled quotes ('') or backslash escapes (\'). The expected output shows
   * that a ? or :id inside a literal is not counted as a placeholder. With
   * PDO::ATTR_EMULATE_PREPARES on, PDO substitutes bound values into the SQL
   * text itself, so the literal scanning exercised here is what keeps quoted
   * data and placeholders apart.
   */
  require_once __DIR__ . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc';

  $db = PDOTest::test_factory(__DIR__ . '/common.phpt');

  // Prints the first row (an empty line when there is none) and then the
  // statement's errorInfo() triple. fetch() stays silenced with @: in the
  // expected output only execute() raises a warning.
  $dump = function ($statement) {
      $row = @$statement->fetch(PDO::FETCH_NUM);
      if (!$row) {
          $row = array();
      }
      print implode(' - ', $row) . "\n";
      print implode(' - ', $statement->errorinfo()) . "\n";
  };

  // Part 1: a value escaped by quote() is concatenated into the statement text
  // and the result is prepared and executed without any bound parameter.
  $needle = "o'";
  $pattern = $db->quote('%' . $needle . '%');
  $stmt = $db->prepare("SELECT 1 FROM DUAL WHERE 'o''riley' LIKE " . $pattern);
  $stmt->execute();
  $dump($stmt);
  print "-------------------------------------------------------\n";

  // Part 2: positional placeholders. One value is passed to every query; the
  // first query has its only ? inside a string literal, so execute() is
  // expected to report HY093 (see --EXPECTF--).
  $positional = array(
      "SELECT 1 FROM DUAL WHERE 1 = '?\'\''",
      "SELECT 'a\\'0' FROM DUAL WHERE 1 = ?",
      "SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\\'' AND ?",
      "SELECT 'foo?bar', '', '''' FROM DUAL WHERE ?",
  );
  foreach ($positional as $idx => $sqlText) {
      $stmt = $db->prepare($sqlText);
      $stmt->execute(array(1));
      printf("[%d] Query: [[%s]]\n", $idx + 1, $sqlText);
      $dump($stmt);
      print "--------\n";
  }

  // Part 3: emulated prepares with a bound value that itself contains a quote
  // and a backslash sequence.
  $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);
  $param = 'o\'\0';
  $sql = "SELECT upper(:id) FROM DUAL WHERE '1'";
  $stmt = $db->prepare($sql);
  $stmt->bindParam(':id', $param);
  $stmt->execute();
  printf("Query: [[%s]]\n", $sql);
  $dump($stmt);
  print "-------------------------------------------------------\n";

  // Part 4: named placeholders next to tricky literals. Entries without an :id
  // outside of a string literal are expected to fail execute() with HY093
  // (see --EXPECTF--), because :id is bound for every query.
  $named = array(
      "SELECT 1, 'foo' FROM DUAL WHERE 1 = :id AND '\\0' IS NULL AND 2 <> :id",
      "SELECT 1 FROM DUAL WHERE 1 = :id AND '' AND 2 <> :id",
      "SELECT 1 FROM DUAL WHERE 1 = :id AND '\'\'' = '''' AND 2 <> :id",
      "SELECT 1 FROM DUAL WHERE 1 = :id AND '\'' = '''' AND 2 <> :id",
      "SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\\'' AND 1",
      "SELECT 'a''', '\'b\'' FROM DUAL WHERE '''' LIKE '\\'' AND 1",
      "SELECT UPPER(:id) FROM DUAL WHERE '1'",
      "SELECT 1 FROM DUAL WHERE '\''",
      "SELECT 1 FROM DUAL WHERE :id AND '\\0' OR :id",
      "SELECT 1 FROM DUAL WHERE 'a\\f\\n\\0' AND 1 >= :id",
      "SELECT 1 FROM DUAL WHERE '\'' = ''''",
      "SELECT '\\n' '1 FROM DUAL WHERE '''' and :id'",
      "SELECT 1 'FROM DUAL WHERE :id AND '''' = '''' OR 1 = 1 AND ':id",
  );
  // Repeats the attribute call made before part 3; emulation is already on.
  $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);
  $param = 1;
  foreach ($named as $idx => $sqlText) {
      $stmt = $db->prepare($sqlText);
      $stmt->bindParam(':id', $param);
      $stmt->execute();
      printf("[%d] Query: [[%s]]\n", $idx + 1, $sqlText);
      $dump($stmt);
      print "--------\n";
  }
  ?>
  72. --EXPECTF--
  73. 1
  74. 00000 - -
  75. -------------------------------------------------------
  76. Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in %s on line %d
  77. [1] Query: [[SELECT 1 FROM DUAL WHERE 1 = '?\'\'']]
  78. 00000 - -
  79. --------
  80. [2] Query: [[SELECT 'a\'0' FROM DUAL WHERE 1 = ?]]
  81. a'0
  82. 00000 - -
  83. --------
  84. [3] Query: [[SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\'' AND ?]]
  85. a - b'
  86. 00000 - -
  87. --------
  88. [4] Query: [[SELECT 'foo?bar', '', '''' FROM DUAL WHERE ?]]
  89. foo?bar - - '
  90. 00000 - -
  91. --------
  92. Query: [[SELECT upper(:id) FROM DUAL WHERE '1']]
  93. O'\0
  94. 00000 - -
  95. -------------------------------------------------------
  96. [1] Query: [[SELECT 1, 'foo' FROM DUAL WHERE 1 = :id AND '\0' IS NULL AND 2 <> :id]]
  97. 00000 - -
  98. --------
  99. [2] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '' AND 2 <> :id]]
  100. 00000 - -
  101. --------
  102. [3] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '\'\'' = '''' AND 2 <> :id]]
  103. 00000 - -
  104. --------
  105. [4] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '\'' = '''' AND 2 <> :id]]
  106. 1
  107. 00000 - -
  108. --------
  109. Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in %s on line %d
  110. [5] Query: [[SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\'' AND 1]]
  111. 00000 - -
  112. --------
  113. Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in %s on line %d
  114. [6] Query: [[SELECT 'a''', '\'b\'' FROM DUAL WHERE '''' LIKE '\'' AND 1]]
  115. 00000 - -
  116. --------
  117. [7] Query: [[SELECT UPPER(:id) FROM DUAL WHERE '1']]
  118. 1
  119. 00000 - -
  120. --------
  121. Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in %s on line %d
  122. [8] Query: [[SELECT 1 FROM DUAL WHERE '\'']]
  123. 00000 - -
  124. --------
  125. [9] Query: [[SELECT 1 FROM DUAL WHERE :id AND '\0' OR :id]]
  126. 1
  127. 00000 - -
  128. --------
  129. [10] Query: [[SELECT 1 FROM DUAL WHERE 'a\f\n\0' AND 1 >= :id]]
  130. 00000 - -
  131. --------
  132. Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in %s on line %d
  133. [11] Query: [[SELECT 1 FROM DUAL WHERE '\'' = '''']]
  134. 00000 - -
  135. --------
  136. Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in %s on line %d
  137. [12] Query: [[SELECT '\n' '1 FROM DUAL WHERE '''' and :id']]
  138. 00000 - -
  139. --------
  140. [13] Query: [[SELECT 1 'FROM DUAL WHERE :id AND '''' = '''' OR 1 = 1 AND ':id]]
  141. 1
  142. 00000 - -
  143. --------