bindValue now uses try_convert_to_string as fallback if it is not any type expected

SakiTakamachi · SakiTakamachi · commit b14f53557256 · 2024-02-13T22:43:48.000+09:00
diff --git a/ext/pdo_mysql/mysql_statement.c b/ext/pdo_mysql/mysql_statement.c
@@ -491,7 +491,10 @@ static int pdo_mysql_stmt_param_hook(pdo_stmt_t *stmt, struct pdo_bound_param_da
 						mysqlnd_stmt_bind_one_param(S->stmt, param->paramno, parameter, MYSQL_TYPE_DOUBLE);
 						break;
 					default:
-						PDO_DBG_RETURN(0);
+						if (!try_convert_to_string(parameter)) {
+							PDO_DBG_RETURN(0);
+						}
+						mysqlnd_stmt_bind_one_param(S->stmt, param->paramno, parameter, MYSQL_TYPE_VAR_STRING);
 				}
 
 				PDO_DBG_RETURN(1);
@@ -531,7 +534,14 @@ static int pdo_mysql_stmt_param_hook(pdo_stmt_t *stmt, struct pdo_bound_param_da
 						PDO_DBG_RETURN(1);
 
 					default:
-						PDO_DBG_RETURN(0);
+						if (!try_convert_to_string(parameter)) {
+							PDO_DBG_RETURN(0);
+						}
+						b->buffer_type = MYSQL_TYPE_STRING;
+						b->buffer = Z_STRVAL_P(parameter);
+						b->buffer_length = Z_STRLEN_P(parameter);
+						*b->length = Z_STRLEN_P(parameter);
+						PDO_DBG_RETURN(1);
 				}
 #endif /* PDO_USE_MYSQLND */
 		case PDO_PARAM_EVT_FREE:
diff --git a/ext/pdo_mysql/tests/gh13384.phpt b/ext/pdo_mysql/tests/gh13384.phpt
@@ -0,0 +1,37 @@
+--TEST--
+GH-13384 Fixed GH-13167 Fixed the behavior when an inappropriate value was passed to `bindValue`.
+--EXTENSIONS--
+pdo_mysql
+--SKIPIF--
+<?php
+require_once __DIR__ . '/inc/mysql_pdo_test.inc';
+MySQLPDOTest::skip();
+?>
+--FILE--
+<?php
+require_once __DIR__ . '/inc/mysql_pdo_test.inc';
+$db = MySQLPDOTest::factory();
+$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
+
+$db->exec('CREATE TABLE test_gh13384 (mode TINYINT)');
+
+$stmt = $db->prepare('INSERT INTO test_gh13384 (mode) VALUES (?)');
+$stmt->bindValue(1, new DateTime(), PDO::PARAM_INT);
+
+var_dump($stmt->execute());
+var_dump($db->errorInfo());
+var_dump($db->query('SELECT * FROM test_gh13384')->fetchAll());
+?>
+--CLEAN--
+<?php
+require_once __DIR__ . '/inc/mysql_pdo_test.inc';
+$db = MySQLPDOTest::factory();
+$db->exec('DROP TABLE IF EXISTS test_gh13384');
+?>
+--EXPECTF--
+Fatal error: Uncaught Error: Object of class DateTime could not be converted to string in %s
+Stack trace:
+#0 %s: PDOStatement->execute()
+#1 {main}
+  thrown in %s
