added error handling for using direct_query and emulate_prepare in a Column Encryption enabled connection

2017-10-26 13:58:38 -07:00 · 2017-10-26 13:58:38 -07:00 · 631f80a9af
parent 779c39abc2
commit 631f80a9af
4 changed files with 90 additions and 4 deletions
--- a/source/pdo_sqlsrv/pdo_stmt.cpp
+++ b/source/pdo_sqlsrv/pdo_stmt.cpp
@ -1146,9 +1146,19 @@ int pdo_sqlsrv_stmt_param_hook( _Inout_ pdo_stmt_t *stmt,

            // since the param isn't reliable, we don't do anything here
            case PDO_PARAM_EVT_ALLOC:
-                if ( stmt->supports_placeholders == PDO_PLACEHOLDER_NONE && (param->param_type & PDO_PARAM_INPUT_OUTPUT )) {
-                    sqlsrv_stmt* driver_stmt = reinterpret_cast<sqlsrv_stmt*>( stmt->driver_data );
-                    THROW_PDO_ERROR( driver_stmt, PDO_SQLSRV_ERROR_EMULATE_INOUT_UNSUPPORTED );
+                {
+                    pdo_sqlsrv_stmt* driver_stmt = reinterpret_cast<pdo_sqlsrv_stmt*>(stmt->driver_data);
+                    if (driver_stmt->conn->ce_option.enabled) {
+                        if (driver_stmt->direct_query) {
+                            THROW_PDO_ERROR(driver_stmt, PDO_SQLSRV_ERROR_CE_DIRECT_QUERY_UNSUPPORTED);
+                        }
+                        if (stmt->supports_placeholders == PDO_PLACEHOLDER_NONE) {
+                            THROW_PDO_ERROR(driver_stmt, PDO_SQLSRV_ERROR_CE_EMULATE_PREPARE_UNSUPPORTED);
+                        }
+                    }
+                    if (stmt->supports_placeholders == PDO_PLACEHOLDER_NONE && (param->param_type & PDO_PARAM_INPUT_OUTPUT)) {
+                        THROW_PDO_ERROR(driver_stmt, PDO_SQLSRV_ERROR_EMULATE_INOUT_UNSUPPORTED);
+                    }
                }
                break;
            case PDO_PARAM_EVT_FREE:
--- a/source/pdo_sqlsrv/pdo_util.cpp
+++ b/source/pdo_sqlsrv/pdo_util.cpp
@ -409,6 +409,14 @@ pdo_error PDO_ERRORS[] = {
        SQLSRV_ERROR_SPECIFIED_DRIVER_NOT_FOUND,
        { IMSSP, (SQLCHAR*) "The specified ODBC Driver is not found.", -80, false }
    },
+    {
+        PDO_SQLSRV_ERROR_CE_DIRECT_QUERY_UNSUPPORTED,
+        { IMSSP, (SQLCHAR*) "Connection with Column Encryption enabled do no support PDO::SQLSRV_ATTR_DIRECT_QUERY with binding parameters.", -81, false }
+    },
+    {
+        PDO_SQLSRV_ERROR_CE_EMULATE_PREPARE_UNSUPPORTED,
+        { IMSSP, (SQLCHAR*) "Connection with Column Encryption enabled do no support PDO::ATTR_EMULATE_PREPARES with binding parameters.", -82, false }
+    },
    { UINT_MAX, {} }
 };

--- a/source/pdo_sqlsrv/php_pdo_sqlsrv.h
+++ b/source/pdo_sqlsrv/php_pdo_sqlsrv.h
@ -393,7 +393,9 @@ enum PDO_ERROR_CODES {
    PDO_SQLSRV_ERROR_INVALID_OUTPUT_PARAM_TYPE,
    PDO_SQLSRV_ERROR_INVALID_CURSOR_WITH_SCROLL_TYPE,
    PDO_SQLSRV_ERROR_EMULATE_INOUT_UNSUPPORTED,
-    PDO_SQLSRV_ERROR_INVALID_AUTHENTICATION_OPTION
+    PDO_SQLSRV_ERROR_INVALID_AUTHENTICATION_OPTION,
+    PDO_SQLSRV_ERROR_CE_DIRECT_QUERY_UNSUPPORTED,
+    PDO_SQLSRV_ERROR_CE_EMULATE_PREPARE_UNSUPPORTED
 };

 extern pdo_error PDO_ERRORS[];
--- a/test/functional/pdo_sqlsrv/pdo_ae_unsupported_stmt_attr.phpt
+++ b/test/functional/pdo_sqlsrv/pdo_ae_unsupported_stmt_attr.phpt
@ -0,0 +1,66 @@
+--TEST--
+Test emulate prepare utf8 encoding set at the statement level
+--SKIPIF--
+<?php require('skipif_mid-refactor.inc'); ?>
+--FILE--
+<?php
+require_once("MsCommon_mid-refactor.inc");
+
+try {
+    $connection = connect();
+    $tbname = "TEST";
+    createTable($connection, $tbname, array(new ColumnMeta("int", "id", "IDENTITY(1,1) NOT NULL"), "name" => "nvarchar(max)"));
+} catch (PDOException $e) {
+    var_dump($e->errorInfo);
+}
+
+try {
+    $name = "Edward";
+    $st = $connection->prepare("INSERT INTO $tbname (name) VALUES (:p0)", array(PDO::SQLSRV_ATTR_DIRECT_QUERY => true));
+    $st->execute(array("p0" => $name));
+} catch (PDOException $e) {
+    $error = $e->errorInfo;
+    // expects an exception if Column Encryption is enabled
+    if (isColEncrypted()) {
+        if ($error[0] != "IMSSP" ||
+            $error[1] != -81 ||
+            $error[2] != "Connection with Column Encryption enabled do no support PDO::SQLSRV_ATTR_DIRECT_QUERY with binding parameters.") {
+            echo "An unexpected exception was caught.\n";
+            var_dump($error);
+        }
+    } else {
+        var_dump($error);
+    }
+}
+
+try {
+    $name = "Alphonse";
+    $st = $connection->prepare("INSERT INTO $tbname (name) VALUES (:p0)", array(PDO::ATTR_EMULATE_PREPARES => true));
+    $st->execute(array("p0" => $name));
+} catch (PDOException $e) {
+    $error = $e->errorInfo;
+    // expects an exception if Column Encryption is enabled
+    if (isColEncrypted()) {
+        if ($error[0] != "IMSSP" ||
+            $error[1] != -82 ||
+            $error[2] != "Connection with Column Encryption enabled do no support PDO::ATTR_EMULATE_PREPARES with binding parameters.") {
+            echo "An unexpected exception was caught.\n";
+            var_dump($error);
+        }
+    } else {
+        var_dump($error);
+    }
+}
+
+try {
+    dropTable($connection, $tbname);
+    unset($st);
+    unset($connection);
+} catch (PDOException $e) {
+    var_dump($e->errorInfo);
+}
+
+echo "Done\n";
+?>
+--EXPECT--
+Done