1--TEST-- 2Prepared Statements and SELECT UNION 3--SKIPIF-- 4<?php 5require_once('skipif.inc'); 6require_once('skipifconnectfailure.inc'); 7?> 8--FILE-- 9<?php 10 require_once("connect.inc"); 11 require_once("table.inc"); 12 13 // Regular (non-prepared) queries 14 print "Using CAST('somestring' AS CHAR)...\n"; 15 if (!($res = $link->query("SELECT CAST('one' AS CHAR) AS column1 UNION SELECT CAST('three' AS CHAR) UNION SELECT CAST('two' AS CHAR)"))) 16 printf("[001] [%d] %s\n", $link->errno, $link->error); 17 18 $data = array(); 19 while ($row = $res->fetch_assoc()) { 20 $data[] = $row['column1']; 21 var_dump($row['column1']); 22 } 23 $res->free(); 24 25 // Prepared Statements 26 if (!($stmt = $link->prepare("SELECT CAST('one' AS CHAR) AS column1 UNION SELECT CAST('three' AS CHAR) UNION SELECT CAST('two' AS CHAR)"))) 27 printf("[002] [%d] %s\n", $link->errno, $link->error); 28 29 $column1 = null; 30 if (!$stmt->execute() || !$stmt->bind_result($column1)) 31 printf("[003] [%d] %s\n", $stmt->errno, $stmt->error); 32 33 $index = 0; 34 while ($stmt->fetch()) { 35 if ($data[$index] != $column1) { 36 printf("[004] Row %d, expecting %s/%s got %s/%s\n", 37 $index + 1, gettype($data[$index]), $data[$index], gettype($column1), $column1); 38 } 39 $index++; 40 } 41 $stmt->close(); 42 43 if ($IS_MYSQLND) { 44 /* 45 Advantage mysqlnd - 46 The metadata mysqlnd has available after prepare is better than 47 the one made available by the MySQL Client Library (libmysql). 48 "libmysql" will give wrong results and that is OK - 49 http://bugs.mysql.com/bug.php?id=47483 50 */ 51 if (!($stmt = $link->prepare("SELECT CAST('one' AS CHAR) AS column1 UNION SELECT CAST('three' AS CHAR) UNION SELECT CAST('two' AS CHAR)"))) 52 printf("[005] [%d] %s\n", $link->errno, $link->error); 53 54 $column1 = null; 55 /* Note: bind_result before execute */ 56 if (!$stmt->bind_result($column1) || !$stmt->execute()) 57 printf("[006] [%d] %s\n", $stmt->errno, $stmt->error); 58 59 $index = 0; 60 while ($stmt->fetch()) { 61 if ($data[$index] != $column1) { 62 printf("[007] Row %d, expecting %s/%s got %s/%s\n", 63 $index + 1, gettype($data[$index]), $data[$index], gettype($column1), $column1); 64 } 65 $index++; 66 } 67 $stmt->close(); 68 } 69 70 // Regular (non-prepared) queries 71 print "Mixing CAST('somestring'AS CHAR), integer and CAST(integer AS CHAR)...\n"; 72 if (!($res = $link->query("SELECT 1 AS column1 UNION SELECT CAST('three' AS CHAR) UNION SELECT CAST(2 AS CHAR)"))) 73 printf("[008] [%d] %s\n", $link->errno, $link->error); 74 75 $data = array(); 76 while ($row = $res->fetch_assoc()) { 77 $data[] = $row['column1']; 78 } 79 $res->free(); 80 81 // Prepared Statements 82 if (!($stmt = $link->prepare("SELECT 1 AS column1 UNION SELECT CAST('three' AS CHAR) UNION SELECT CAST(2 AS CHAR)"))) 83 printf("[009] [%d] %s\n", $link->errno, $link->error); 84 85 $column1 = null; 86 if (!$stmt->execute() || !$stmt->bind_result($column1)) 87 printf("[010] [%d] %s\n", $stmt->errno, $stmt->error); 88 89 $index = 0; 90 while ($stmt->fetch()) { 91 if ($data[$index] != $column1) { 92 printf("[011] Row %d, expecting %s/%s got %s/%s\n", 93 $index + 1, gettype($data[$index]), $data[$index], gettype($column1), $column1); 94 } 95 var_dump($column1); 96 $index++; 97 } 98 $stmt->close(); 99 100 if ($IS_MYSQLND) { 101 /* Advantage mysqlnd - see above... */ 102 if (!($stmt = $link->prepare("SELECT 1 AS column1 UNION SELECT CAST('three' AS CHAR) UNION SELECT CAST(2 AS CHAR)"))) 103 printf("[012] [%d] %s\n", $link->errno, $link->error); 104 105 $column1 = null; 106 if (!$stmt->bind_result($column1) || !$stmt->execute()) 107 printf("[013] [%d] %s\n", $stmt->errno, $stmt->error); 108 109 $index = 0; 110 while ($stmt->fetch()) { 111 if ($data[$index] != $column1) { 112 printf("[014] Row %d, expecting %s/%s got %s/%s\n", 113 $index + 1, gettype($data[$index]), $data[$index], gettype($column1), $column1); 114 } 115 $index++; 116 } 117 $stmt->close(); 118 } 119 120 print "Using integer only...\n"; 121 if (!($res = $link->query("SELECT 1 AS column1 UNION SELECT 303 UNION SELECT 2"))) 122 printf("[015] [%d] %s\n", $link->errno, $link->error); 123 124 $data = array(); 125 while ($row = $res->fetch_assoc()) { 126 $data[] = $row['column1']; 127 } 128 $res->free(); 129 130 // Prepared Statements 131 if (!($stmt = $link->prepare("SELECT 1 AS column1 UNION SELECT 303 UNION SELECT 2"))) 132 printf("[016] [%d] %s\n", $link->errno, $link->error); 133 134 $column1 = null; 135 if (!$stmt->execute() || !$stmt->bind_result($column1)) 136 printf("[017] [%d] %s\n", $stmt->errno, $stmt->error); 137 138 $index = 0; 139 while ($stmt->fetch()) { 140 if ($data[$index] != $column1) { 141 printf("[018] Row %d, expecting %s/%s got %s/%s\n", 142 $index + 1, gettype($data[$index]), $data[$index], gettype($column1), $column1); 143 } 144 var_dump($column1); 145 $index++; 146 } 147 $stmt->close(); 148 149 if ($IS_MYSQLND) { 150 /* Advantage mysqlnd - see above */ 151 if (!($stmt = $link->prepare("SELECT 1 AS column1 UNION SELECT 303 UNION SELECT 2"))) 152 printf("[019] [%d] %s\n", $link->errno, $link->error); 153 154 $column1 = null; 155 if (!$stmt->bind_result($column1) || !$stmt->execute()) 156 printf("[020] [%d] %s\n", $stmt->errno, $stmt->error); 157 158 $index = 0; 159 while ($stmt->fetch()) { 160 if ($data[$index] != $column1) { 161 printf("[021] Row %d, expecting %s/%s got %s/%s\n", 162 $index + 1, gettype($data[$index]), $data[$index], gettype($column1), $column1); 163 } 164 $index++; 165 } 166 $stmt->close(); 167 } 168 169 print "Testing bind_param(), strings only...\n"; 170 $two = 'two'; 171 $three = 'three'; 172 if (!($stmt = $link->prepare("SELECT 'one' AS column1 UNION SELECT ? UNION SELECT ?"))) 173 printf("[022] [%d] %s\n", $stmt->errno, $stmt->error); 174 175 $column1 = null; 176 if (!$stmt->bind_param('ss', $three, $two) || !$stmt->execute() || !$stmt->bind_result($column1)) 177 printf("[023] [%d] %s\n", $stmt->errno, $stmt->error); 178 179 $index = 0; 180 $data = array(); 181 while ($stmt->fetch()) { 182 $data[$index++] = $column1; 183 var_dump($column1); 184 } 185 $stmt->close(); 186 187 if ($IS_MYSQLND) { 188 /* Advantage mysqlnd - see above */ 189 $two = 'two'; 190 $three = 'three'; 191 if (!($stmt = $link->prepare("SELECT 'one' AS column1 UNION SELECT ? UNION SELECT ?"))) 192 printf("[024] [%d] %s\n", $stmt->errno, $stmt->error); 193 194 $column1 = null; 195 if (!$stmt->bind_param('ss', $three, $two) || !$stmt->bind_result($column1) || !$stmt->execute()) 196 printf("[025] [%d] %s\n", $stmt->errno, $stmt->error); 197 198 $index = 0; 199 while ($stmt->fetch()) { 200 if ($data[$index] != $column1) { 201 printf("[26] Row %d, expecting %s/%s, got %s/%s\n", 202 $index + 1, gettype($data[$index]), $data[$index], gettype($column1), $column1); 203 } 204 $index++; 205 } 206 $stmt->close(); 207 } 208 209 print "Testing bind_param(), strings only, with CAST AS CHAR...\n"; 210 $two = 'two'; 211 $three = 'three beers are more than enough'; 212 if (!($stmt = $link->prepare("SELECT CAST('one' AS CHAR) AS column1 UNION SELECT CAST(? AS CHAR) UNION SELECT CAST(? AS CHAR)"))) 213 printf("[027] [%d] %s\n", $stmt->errno, $stmt->error); 214 215 $column1 = null; 216 if (!$stmt->bind_param('ss', $three, $two) || !$stmt->execute() || !$stmt->bind_result($column1)) 217 printf("[028] [%d] %s\n", $stmt->errno, $stmt->error); 218 219 $index = 0; 220 $data = array(); 221 while ($stmt->fetch()) { 222 $data[$index++] = $column1; 223 var_dump($column1); 224 } 225 $stmt->close(); 226 227 if ($IS_MYSQLND) { 228 /* Advantage mysqlnd - see above */ 229 $two = 'two'; 230 $three = 'three beers are more than enough'; 231 if (!($stmt = $link->prepare("SELECT CAST('one' AS CHAR) AS column1 UNION SELECT CAST(? AS CHAR) UNION SELECT CAST(? AS CHAR)"))) 232 printf("[029] [%d] %s\n", $stmt->errno, $stmt->error); 233 234 $column1 = null; 235 if (!$stmt->bind_param('ss', $three, $two) || !$stmt->bind_result($column1) || !$stmt->execute()) 236 printf("[030] [%d] %s\n", $stmt->errno, $stmt->error); 237 238 $index = 0; 239 while ($stmt->fetch()) { 240 if ($data[$index] != $column1) { 241 printf("[31] Row %d, expecting %s/%s, got %s/%s\n", 242 $index + 1, gettype($data[$index]), $data[$index], gettype($column1), $column1); 243 } 244 $index++; 245 } 246 $stmt->close(); 247 } 248 249 $link->close(); 250 251 print "done!"; 252?> 253--EXPECT-- 254Using CAST('somestring' AS CHAR)... 255string(3) "one" 256string(5) "three" 257string(3) "two" 258Mixing CAST('somestring'AS CHAR), integer and CAST(integer AS CHAR)... 259string(1) "1" 260string(5) "three" 261string(1) "2" 262Using integer only... 263int(1) 264int(303) 265int(2) 266Testing bind_param(), strings only... 267string(3) "one" 268string(5) "three" 269string(3) "two" 270Testing bind_param(), strings only, with CAST AS CHAR... 271string(3) "one" 272string(32) "three beers are more than enough" 273string(3) "two" 274done! 275