
Commit ad95c4b

committed
feedback
1 parent 81967a2 commit ad95c4b

3 files changed

Lines changed: 27 additions & 23 deletions


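--- a/ext/pdo/pdo_stmt.c
+++ b/ext/pdo/pdo_stmt.c
@@ -269,14 +269,9 @@ static bool really_register_bound_param(struct pdo_bound_param_data *param, pdo_
 }
 
 if (PDO_PARAM_TYPE(param->param_type) == PDO_PARAM_STR && param->max_value_len <= 0 && !Z_ISNULL_P(parameter)) {
-zend_bool is_false = (Z_TYPE_P(parameter) == IS_FALSE);
 if (!try_convert_to_string(parameter)) {
 return false;
 }
-/* the pgsql's driver does not handle empty string for false bound parameters */
-if (is_false) {
-ZVAL_STR(parameter, ZSTR_CHAR('0'));
-}
 } else if (PDO_PARAM_TYPE(param->param_type) == PDO_PARAM_INT && (Z_TYPE_P(parameter) == IS_FALSE || Z_TYPE_P(parameter) == IS_TRUE)) {
 convert_to_long(parameter);
 } else if (PDO_PARAM_TYPE(param->param_type) == PDO_PARAM_BOOL && Z_TYPE_P(parameter) == IS_LONG) {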

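--- a/ext/pgsql/pgsql.c
+++ b/ext/pgsql/pgsql.c
@@ -1241,7 +1241,7 @@ static void _php_pgsql_free_params(char **params, uint32_t num_params)
 efree(params);
 }
 
-static char **php_pgsql_make_arguments(const HashTable *param_arr, int *num_params)
+static char **php_pgsql_make_arguments(const HashTable *param_arr, int *num_params, uint32_t arg_num)
 {
 /* This conversion is safe because of the limit of number of elements in a table. */
 *num_params = (int) zend_hash_num_elements(param_arr);
@@ -1252,6 +1252,10 @@ static char **php_pgsql_make_arguments(const HashTable *param_arr, int *num_para
 ZVAL_DEREF(tmp);
 if (Z_TYPE_P(tmp) == IS_NULL) {
 params[i] = NULL;
+} else if (Z_TYPE_P(tmp) == IS_TRUE || Z_TYPE_P(tmp) == IS_FALSE) {
+zend_argument_value_error(arg_num, "must not contain boolean values, use a string representation instead");
+_php_pgsql_free_params(params, i);
+return NULL;
 } else {
 zend_string *param_str = zval_try_get_string(tmp);
 if (!param_str) {
@@ -1318,7 +1322,7 @@ PHP_FUNCTION(pg_query_params)
 php_error_docref(NULL, E_NOTICE, "Found results on this connection. Use pg_get_result() to get these results first");
 }
 
-params = php_pgsql_make_arguments(Z_ARRVAL_P(pv_param_arr), &num_params);
+params = php_pgsql_make_arguments(Z_ARRVAL_P(pv_param_arr), &num_params, ZEND_NUM_ARGS());
 if (UNEXPECTED(!params)) {
 RETURN_THROWS();
 }
@@ -1501,7 +1505,7 @@ PHP_FUNCTION(pg_execute)
 php_error_docref(NULL, E_NOTICE, "Found results on this connection. Use pg_get_result() to get these results first");
 }
 
-params = php_pgsql_make_arguments(Z_ARRVAL_P(pv_param_arr), &num_params);
+params = php_pgsql_make_arguments(Z_ARRVAL_P(pv_param_arr), &num_params, ZEND_NUM_ARGS());
 if (UNEXPECTED(!params)) {
 RETURN_THROWS();
 }
@@ -4058,7 +4062,7 @@ PHP_FUNCTION(pg_send_query_params)
 "There are results on this connection. Call pg_get_result() until it returns FALSE");
 }
 
-params = php_pgsql_make_arguments(Z_ARRVAL_P(pv_param_arr), &num_params);
+params = php_pgsql_make_arguments(Z_ARRVAL_P(pv_param_arr), &num_params, 3);
 if (UNEXPECTED(!params)) {
 RETURN_THROWS();
 }
@@ -4213,7 +4217,7 @@ PHP_FUNCTION(pg_send_execute)
 "There are results on this connection. Call pg_get_result() until it returns FALSE");
 }
 
-params = php_pgsql_make_arguments(Z_ARRVAL_P(pv_param_arr), &num_params);
+params = php_pgsql_make_arguments(Z_ARRVAL_P(pv_param_arr), &num_params, 3);
 if (UNEXPECTED(!params)) {
 RETURN_THROWS();
 }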
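Review bot: The new `arg_num` parameter of `php_pgsql_make_arguments` is filled in two different ways by its callers and nothing in the patch explains why: `pg_query_params` and `pg_execute` pass `ZEND_NUM_ARGS()`, while `pg_send_query_params` and `pg_send_execute` pass the literal `3`. Presumably the first two still accept a call without the connection argument, so the array's position varies, but that should be confirmed and written down above the helper, e.g. `/* arg_num: 1-based position of the params array in the calling function; used only for the ValueError message. Returns NULL with an exception pending, params already freed. */`. If the short call form is accepted, it is worth checking which parameter name `zend_argument_value_error` prints for position 2, since it may not be the params array. The helper and all four callers continue outside the hunks shown.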

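--- a/ext/pgsql/tests/33query_params_bool.phpt
+++ b/ext/pgsql/tests/33query_params_bool.phpt
@@ -1,28 +1,33 @@
 --TEST--
-PostgreSQL prepared queries with bool constants
+PostgreSQL pg_query_params bool parameter rejection
+--EXTENSIONS--
+pgsql
 --SKIPIF--
-<?php
-include("skipif.inc");
-if (!function_exists('pg_prepare')) die('skip function pg_prepare() does not exist');
-?>
+<?php include("inc/skipif.inc"); ?>
 --FILE--
 <?php
 
-include('config.inc');
+include('inc/config.inc');
 
 $db = pg_connect($conn_str);
 
-$version = pg_version($db);
-if ($version['protocol'] >= 3) {
-$result = pg_query_params($db, "SELECT * FROM ".$table_name." WHERE num >= $1;", array(true));
-// bug occurs with false as it turns out as empty.
-$result = pg_query_params($db, "SELECT * FROM ".$table_name." WHERE num <> $1;", array(false));
-pg_free_result($result);
+try {
+pg_query_params($db, "SELECT * FROM ".$table_name." WHERE num >= $1;", array(true));
+} catch (ValueError $e) {
+echo $e->getMessage() . "\n";
+}
+
+try {
+pg_query_params($db, "SELECT * FROM ".$table_name." WHERE num <> $1;", array(false));
+} catch (ValueError $e) {
+echo $e->getMessage() . "\n";
 }
+
 pg_close($db);
 
 echo "OK";
 ?>
 --EXPECT--
+pg_query_params(): Argument #3 ($params) must not contain boolean values, use a string representation instead
+pg_query_params(): Argument #3 ($params) must not contain boolean values, use a string representation instead
 OK
-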
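Review bot: Both cases in the `--FILE--` section reach the new rejection through `pg_query_params` with a one-element array, so the cleanup call `_php_pgsql_free_params(params, i)` is presumably only ever run with nothing yet allocated. The three other callers changed in this commit (`pg_execute`, `pg_send_query_params`, `pg_send_execute`) are not covered at all. A case with a boolean after a valid element, e.g. `pg_query_params($db, "SELECT * FROM ".$table_name." WHERE num >= $1 AND num <> $2;", array("1", false));` wrapped in the same try/catch, would exercise the partial-free path. One call per remaining function would also pin the argument number each of them reports in the message.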
