From: Ilia Alshanetsky <iliaa@php.net>
Date: Sun, 3 Dec 2006 23:28:00 +0000 (+0000)
Subject: MFB: Added missing check for mismatching number of tokens & bound params in
X-Git-Tag: RELEASE_1_0_0RC1~841
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f01de458578e2c0898fdc60980399f4e75fdd562;p=php

MFB: Added missing check for mismatching number of tokens & bound params in
prepared statement emulation.
---

diff --git a/ext/pdo/pdo_sql_parser.c b/ext/pdo/pdo_sql_parser.c
index 2133efb295..66e682e127 100644
--- a/ext/pdo/pdo_sql_parser.c
+++ b/ext/pdo/pdo_sql_parser.c
@@ -1,4 +1,4 @@
-/* Generated by re2c 0.10.6 on Thu Nov 23 09:42:00 2006 */
+/* Generated by re2c 0.10.6 on Sun Dec  3 18:28:10 2006 */
 #line 1 "ext/pdo/pdo_sql_parser.re"
 /*
   +----------------------------------------------------------------------+
@@ -352,7 +352,6 @@ PDO_API int pdo_parse_params(pdo_stmt_t *stmt, char *inquery, int inquery_len,
 		goto clean_up;
 	}
 
-
 	if (stmt->supports_placeholders == query_type && !stmt->named_rewrite_template) {
 		/* query matches native syntax */
 		ret = 0;
@@ -376,7 +375,13 @@ PDO_API int pdo_parse_params(pdo_stmt_t *stmt, char *inquery, int inquery_len,
 		ret = -1;
 		goto clean_up;
 	}
-	
+
+	if (params && bindno != zend_hash_num_elements(params) && stmt->supports_placeholders == PDO_PLACEHOLDER_NONE) {
+		pdo_raise_impl_error(stmt->dbh, stmt, "HY093", "number of bound variables does not match number of tokens" TSRMLS_CC);
+		ret = -1;
+		goto clean_up;
+	}
+
 	/* what are we going to do ? */
 	
 	if (stmt->supports_placeholders == PDO_PLACEHOLDER_NONE) {
diff --git a/ext/pdo/pdo_sql_parser.re b/ext/pdo/pdo_sql_parser.re
index 2ef69f6748..c6bc1dc5f3 100644
--- a/ext/pdo/pdo_sql_parser.re
+++ b/ext/pdo/pdo_sql_parser.re
@@ -132,7 +132,6 @@ PDO_API int pdo_parse_params(pdo_stmt_t *stmt, char *inquery, int inquery_len,
 		goto clean_up;
 	}
 
-
 	if (stmt->supports_placeholders == query_type && !stmt->named_rewrite_template) {
 		/* query matches native syntax */
 		ret = 0;
@@ -156,7 +155,13 @@ PDO_API int pdo_parse_params(pdo_stmt_t *stmt, char *inquery, int inquery_len,
 		ret = -1;
 		goto clean_up;
 	}
-	
+
+	if (params && bindno != zend_hash_num_elements(params) && stmt->supports_placeholders == PDO_PLACEHOLDER_NONE) {
+		pdo_raise_impl_error(stmt->dbh, stmt, "HY093", "number of bound variables does not match number of tokens" TSRMLS_CC);
+		ret = -1;
+		goto clean_up;
+	}
+
 	/* what are we going to do ? */
 	
 	if (stmt->supports_placeholders == PDO_PLACEHOLDER_NONE) {