search

dg / dibi

Dibi - smart database abstraction layer
https://dibiphp.com
Other
487 stars 136 forks source link

MSSQL T-SQL Stored Procedures Return NoDataResult #312

Closed CloudTheWolf closed 5 years ago

CloudTheWolf commented 6 years ago

Version: 4.0.0

Bug Description

Running T-SQL Exec Queried to call a stored procedure results in the following error:

object(Dibi\Result)#12 (7) { ["driver":"Dibi\Result":private]=> object(Dibi\Drivers\NoDataResult)#11 (1) { ["rows":"Dibi\Drivers\NoDataResult":private]=> int(1) } ["types":"Dibi\Result":private]=> array(0) { } ["meta":"Dibi\Result":private]=> NULL ["fetched":"Dibi\Result":private]=> bool(false) ["rowClass":"Dibi\Result":private]=> string(8) "Dibi\Row" ["rowFactory":"Dibi\Result":private]=> NULL ["formats":"Dibi\Result":private]=> array(2) { ["d"]=> NULL ["dt"]=> NULL } }

Steps To Reproduce

Create a simple table (Eg users) with columns ID, firstName and lastName and insert some dummy data.

Create a Stored Procedure Eg. SET ANSI_NULLS ON GO SET QUOTED_IDENTIFIER ON GO create procedure [getUsersByName] @firstName varchar(255) AS BEGIN SELECT * FROM users where firstName = @firstName END GO

Then add the following PHP $Users = $database->query("exec getUsersByName @firstName='".$_POST['firstName']."'"); foreach($Users as $User){ echo('

'.$User->firstName.' '.$User->lastName.' ('.$User->id.')

'); }

Expected Behavior

It should be able to pull the data from the database in the same way that running $Users = $database->query("SELECT * FROM users where firstName = '".$_POST['firstName']."'");

milo commented 6 years ago

Hi, aside from you issue, you are using Dibi in a wrong way, open to SQL injection. You must not pass unknown parameters from client directly to SQL query. The correct way is:

$Users = $database->query('exec getUsersByName @firstName = ?', $_POST['firstName']);

According to your issue... I cannot reproduce it. I'm using:

I create table, fills it by data, create stored procedure and after exec call by Dibi, I'll get all matching rows.

CloudTheWolf commented 6 years ago

Hmmm Strange

I am Running PHP 7.2.7 (x64) with sqlsrv 5.3.0+11108 and Dibi 4.0.0. I can only guess it's either a 7.2.7 issue (I can change this and test) or it's because the SQL Server is running 2008 (Unfortunately I can't change this, so would need to code my way around this)

milo commented 6 years ago

Maybe version of Native Client is important. I have Microsoft SQL Server 2012 Native Client (11.3.6540.0)

milo commented 6 years ago

It works with PHP 7.2.8 too.

maegnes commented 5 years ago

I had the same issue with some of my stored procedures. I could fix this issue by the usage of "SET NOCOUNT ON".

PHP 7.3.2 Dibi 4.0.1

CloudTheWolf commented 5 years ago

This looks to have been an issue on the SQL Server side as it has been migrated to a new server and not had this issue since.