Introduce ValueError for empty string arguments

Girgias · Girgias · commit 9d79ad66ff25 · 2020-09-26T18:50:26.000+01:00
diff --git a/ext/pdo/pdo_dbh.c b/ext/pdo/pdo_dbh.c
@@ -242,6 +242,11 @@ PHP_METHOD(PDO, __construct)
 		Z_PARAM_ARRAY_OR_NULL(options)
 	ZEND_PARSE_PARAMETERS_END();
 
+	if (username && usernamelen == 0) {
+		zend_argument_value_error(2, "cannot be empty");
+		RETURN_THROWS();
+	}
+
 	/* parse the data source name */
 	colon = strchr(data_source, ':');
 
@@ -497,9 +502,15 @@ PHP_METHOD(PDO, prepare)
 		Z_PARAM_ARRAY(options)
 	ZEND_PARSE_PARAMETERS_END();
 
-	PDO_DBH_CLEAR_ERR();
 	PDO_CONSTRUCT_CHECK;
 
+	if (statement_len == 0) {
+		zend_argument_value_error(1, "cannot be empty");
+		RETURN_THROWS();
+	}
+
+	PDO_DBH_CLEAR_ERR();
+
 	if (options && (value = zend_hash_index_find(Z_ARRVAL_P(options), PDO_ATTR_STATEMENT_CLASS)) != NULL) {
 		if (Z_TYPE_P(value) != IS_ARRAY) {
 			zend_type_error("PDO::ATTR_STATEMENT_CLASS's value must be of type array, %s given",
@@ -950,8 +961,15 @@ PHP_METHOD(PDO, lastInsertId)
 		Z_PARAM_STRING_OR_NULL(name, namelen)
 	ZEND_PARSE_PARAMETERS_END();
 
-	PDO_DBH_CLEAR_ERR();
 	PDO_CONSTRUCT_CHECK;
+
+	if (name && namelen == 0) {
+		zend_argument_value_error(1, "cannot be empty");
+		RETURN_THROWS();
+	}
+
+	PDO_DBH_CLEAR_ERR();
+
 	if (!dbh->methods->last_id) {
 		pdo_raise_impl_error(dbh, NULL, "IM001", "driver does not support lastInsertId()");
 		RETURN_FALSE;
@@ -1060,9 +1078,15 @@ PHP_METHOD(PDO, query)
 		RETURN_THROWS();
 	}
 
-	PDO_DBH_CLEAR_ERR();
 	PDO_CONSTRUCT_CHECK;
 
+	if (statement_len == 0) {
+		zend_argument_value_error(1, "cannot be empty");
+		RETURN_THROWS();
+	}
+
+	PDO_DBH_CLEAR_ERR();
+
 	if (!pdo_stmt_instantiate(dbh, return_value, dbh->def_stmt_ce, &dbh->def_stmt_ctor_args)) {
 		if (EXPECTED(!EG(exception))) {
 			pdo_raise_impl_error(dbh, NULL, "HY000", "failed to instantiate user supplied statement class");
@@ -1135,8 +1159,14 @@ PHP_METHOD(PDO, quote)
 		Z_PARAM_LONG(paramtype)
 	ZEND_PARSE_PARAMETERS_END();
 
-	PDO_DBH_CLEAR_ERR();
 	PDO_CONSTRUCT_CHECK;
+
+	if (str_len == 0) {
+		zend_argument_value_error(1, "cannot be empty");
+		RETURN_THROWS();
+	}
+
+	PDO_DBH_CLEAR_ERR();
 	if (!dbh->methods->quoter) {
 		pdo_raise_impl_error(dbh, NULL, "IM001", "driver does not support quoting");
 		RETURN_FALSE;
diff --git a/ext/pdo/pdo_stmt_arginfo.h b/ext/pdo/pdo_stmt_arginfo.h
@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: 395813e5ab7b565718430dd17b8da3fc54889eeb */
+ * Stub hash: 12ba83581b1019e2e0c4565e20682b5e83389cae */
 
 ZEND_BEGIN_ARG_INFO_EX(arginfo_class_PDOStatement_bindColumn, 0, 0, 2)
 	ZEND_ARG_TYPE_MASK(0, column, MAY_BE_STRING|MAY_BE_LONG, NULL)
diff --git a/ext/pdo_mysql/tests/pdo_mysql_prepare_emulated.phpt b/ext/pdo_mysql/tests/pdo_mysql_prepare_emulated.phpt
@@ -88,9 +88,11 @@ $db = MySQLPDOTest::factory();
         if (1 != $db->getAttribute(PDO::MYSQL_ATTR_DIRECT_QUERY))
             printf("[002] Unable to switch to emulated prepared statements, test will fail\n");
 
-        // TODO - that's PDO - you can prepare empty statements!
-        prepex(3, $db, '',
-            array(), array('execute' => array('sqlstate' => '42000')));
+        try {
+            prepex(3, $db, '', [], ['execute' => ['sqlstate' => '42000']]);
+        } catch (\ValueError $e) {
+            echo $e->getMessage(), \PHP_EOL;
+        }
 
         // lets be fair and do the most simple SELECT first
         $stmt = prepex(4, $db, 'SELECT 1 as "one"');
@@ -328,6 +330,7 @@ $db->exec('DROP TABLE IF EXISTS test');
 PDO's PS parser has some problems with invalid SQL and crashes from time to time
 (check with valgrind...)
 --EXPECT--
+PDO::prepare(): Argument #1 ($statement) cannot be empty
 array(1) {
   ["one"]=>
   string(1) "1"
diff --git a/ext/pdo_mysql/tests/pdo_mysql_prepare_native.phpt b/ext/pdo_mysql/tests/pdo_mysql_prepare_native.phpt
@@ -99,9 +99,11 @@ $db = MySQLPDOTest::factory();
         if (0 != $db->getAttribute(PDO::MYSQL_ATTR_DIRECT_QUERY))
             printf("[002] Unable to turn off emulated prepared statements\n");
 
-        // TODO - that's PDO - you can prepare empty statements!
-        prepex(3, $db, '',
-            array(), array('prepare' => array('sqlstate' => '42000')));
+        try {
+            prepex(3, $db, '', [], ['prepare' => ['sqlstate' => '42000']]);
+        } catch (\ValueError $e) {
+            echo $e->getMessage(), \PHP_EOL;
+        }
 
         // lets be fair and do the most simple SELECT first
         $stmt = prepex(4, $db, 'SELECT 1 as "one"');
@@ -342,6 +344,7 @@ $db = MySQLPDOTest::factory();
 $db->exec('DROP TABLE IF EXISTS test');
 ?>
 --EXPECT--
+PDO::prepare(): Argument #1 ($statement) cannot be empty
 array(1) {
   [0]=>
   array(1) {
