PHP apparently does not always throw an Exception when a statement
could not be executed successfully. An example of this is:
$sql = "SELECT ?";
$statement = WCF::getDB()->prepareStatement($sql);
$statement->execute([ 1, 2 ]); // returns false
This code is erroneous, as we try to send more parameters than there
are placeholders in the query. Thus execute() properly returns false,
but it does not throw an Exception.
Interestingly enough the reverse case properly throws: Sending less
parameters than placeholders.
try {
if (WCF::benchmarkIsEnabled()) Benchmark::getInstance()->start($this->query, Benchmark::TYPE_SQL_QUERY);
- if (empty($parameters)) $this->pdoStatement->execute();
- else $this->pdoStatement->execute($parameters);
+ if (empty($parameters)) $result = $this->pdoStatement->execute();
+ else $result = $this->pdoStatement->execute($parameters);
+ if (!$result) {
+ $errorInfo = $this->pdoStatement->errorInfo();
+ throw new DatabaseException('Could not execute prepared statement: '.$errorInfo[0].' '.$errorInfo[2], $this->database, $this);
+ }
+
if (WCF::benchmarkIsEnabled()) Benchmark::getInstance()->stop();
}
catch (\PDOException $e) {
projects / GitHub / WoltLab / WCF.git / commitdiff