FIX: Freeing metadata entries and clearing the vector (#1596)

jahnvi480 · web-flow · commit add33e6a327c · 2026-04-08T11:20:30.000+05:30
* FIX: Freeing metadata entries and clearing the vector

* Resolving comments
diff --git a/source/pdo_sqlsrv/pdo_stmt.cpp b/source/pdo_sqlsrv/pdo_stmt.cpp
@@ -588,6 +588,15 @@ int pdo_sqlsrv_stmt_execute( _Inout_ pdo_stmt_t *stmt )
 
         SQLRETURN execReturn = core_sqlsrv_execute( driver_stmt, query, query_len );
 
+        // On re-execution, free stale PDO column descriptors and reset the
+        // executed flag so that PDO re-describes columns for the new result
+        // set (see GH#1466). Setting executed = 0 works around a PDO driver
+        // manager optimization that otherwise skips the describe_col call.
+        if ( stmt->columns ) {
+            php_pdo_stmt_set_column_count( stmt, 0 );
+        }
+        stmt->executed = 0;
+
         if ( execReturn == SQL_NO_DATA ) {
             stmt->column_count = 0;
             stmt->row_count = 0;
@@ -612,21 +621,6 @@ int pdo_sqlsrv_stmt_execute( _Inout_ pdo_stmt_t *stmt )
                 stmt->row_count = driver_stmt->row_count;
             }
         }
-
-        // workaround for a bug in the PDO driver manager.  It is fairly simple to crash the PDO driver manager with
-        // the following sequence:
-        // 1) Prepare and execute a statement (that has some results with it)
-        // 2) call PDOStatement::nextRowset until there are no more results
-        // 3) execute the statement again
-        // 4) call PDOStatement::getColumnMeta
-        // It crashes from what I can tell because there is no metadata because there was no call to
-        // pdo_stmt_sqlsrv_describe_col and stmt->columns is NULL on the second call to
-        // PDO::execute.  My guess is that because stmt->executed is true, it optimizes away a necessary call to
-        // pdo_sqlsrv_stmt_describe_col.  By setting the stmt->executed flag to 0, this call is not optimized away
-        // and the crash disappears.
-        if( stmt->columns == NULL ) {
-            stmt->executed = 0;
-        }
     }
     catch( core::CoreException& /*e*/ ) {
 
@@ -1225,11 +1219,9 @@ int pdo_sqlsrv_stmt_next_rowset( _Inout_ pdo_stmt_t *stmt )
 
         core_sqlsrv_next_result( static_cast<sqlsrv_stmt*>( stmt->driver_data ) );
 
-        // clear the current meta data since the new result will generate new meta data
-        driver_stmt->clean_up_results_metadata();
-
-        // if there are no more result sets, return that it failed.
         if( driver_stmt->past_next_result_end == true ) {
+            // Clean up remaining metadata since new_result_set() was not called
+            driver_stmt->clean_up_results_metadata();
             return 0;
         }
 
diff --git a/source/shared/core_stmt.cpp b/source/shared/core_stmt.cpp
@@ -206,11 +206,9 @@ void sqlsrv_stmt::new_result_set( void )
     // delete sensivity data
     clean_up_sensitivity_metadata();
 
-    // reset sqlsrv php type in meta data
-    size_t num_fields = this->current_meta_data.size();
-    for (size_t f = 0; f < num_fields; f++) {
-        this->current_meta_data[f]->reset_php_type();
-    }
+    // delete results metadata from the previous result set
+    // to avoid stale metadata when re-executing a prepared statement
+    clean_up_results_metadata();
 
     // create a new result set
     if( cursor_type == SQLSRV_CURSOR_BUFFERED ) {
diff --git a/source/sqlsrv/stmt.cpp b/source/sqlsrv/stmt.cpp
@@ -571,11 +571,9 @@ PHP_FUNCTION( sqlsrv_next_result )
 
         core_sqlsrv_next_result( stmt, true );
 
-        // clear the current meta data since the new result will generate new meta data
-        stmt->clean_up_results_metadata();
-
         if( stmt->past_next_result_end ) {
-
+            // Clean up remaining metadata since new_result_set() was not called
+            stmt->clean_up_results_metadata();
             RETURN_NULL();
         }
 
diff --git a/test/functional/pdo_sqlsrv/pdo_reexecute_multi_resultset.phpt b/test/functional/pdo_sqlsrv/pdo_reexecute_multi_resultset.phpt
@@ -0,0 +1,138 @@
+--TEST--
+GitHub issue 1466 - Re-executing prepared statement with multiple result sets
+--DESCRIPTION--
+Verifies that re-executing a prepared statement returning multiple result sets
+does not cause a fatal error or return corrupted data.
+--ENV--
+PHPT_EXEC=true
+--SKIPIF--
+<?php require('skipif_mid-refactor.inc'); ?>
+--FILE--
+<?php
+require_once("MsCommon_mid-refactor.inc");
+
+try {
+    $conn = connect();
+    $conn->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
+    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
+    $sql = "
+        SET NOCOUNT ON;
+        DECLARE @id INT = :id;
+        -- Result set 1
+        SELECT @id AS r1col1, 2 AS r1col2, 3 AS r1col3, N'Test' AS r1col4
+        WHERE @id IN (2, 3);
+        -- Result set 2
+        SELECT @id AS r2col1, N'/test.txt' AS r2col2, N'text/plain' AS r2col3
+        WHERE @id IN (2, 3);
+    ";
+
+    $stmt = $conn->prepare($sql);
+
+    $idList = [2, 1, 3];
+    foreach ($idList as $id) {
+        $stmt->bindValue(':id', $id);
+        $stmt->execute();
+
+        // Fetch result set 1
+        $rows1 = $stmt->fetchAll();
+        foreach ($rows1 as $row) {
+            if (!array_key_exists('r1col1', $row)) {
+                throw new RuntimeException("Result set 1 row missing expected column 'r1col1'.");
+            }
+            if ($row['r1col1'] != $id) {
+                throw new RuntimeException("Result set 1 r1col1 expected $id, got {$row['r1col1']}.");
+            }
+        }
+
+        // Move to result set 2
+        $stmt->nextRowset();
+        $rows2 = $stmt->fetchAll();
+        foreach ($rows2 as $row) {
+            if (!array_key_exists('r2col1', $row)) {
+                throw new RuntimeException("Result set 2 row missing expected column 'r2col1'.");
+            }
+            if ($row['r2col1'] != $id) {
+                throw new RuntimeException("Result set 2 r2col1 expected $id, got {$row['r2col1']}.");
+            }
+        }
+
+        $stmt->closeCursor();
+
+        // Verify row counts based on input
+        if ($id == 1) {
+            // id=1 is not in (2,3), so both result sets should be empty
+            if (count($rows1) !== 0 || count($rows2) !== 0) {
+                throw new RuntimeException("Expected empty result sets for id=1.");
+            }
+        } else {
+            // id=2 or id=3 should return one row per result set
+            if (count($rows1) !== 1 || count($rows2) !== 1) {
+                throw new RuntimeException("Expected one row per result set for id=$id.");
+            }
+        }
+    }
+    echo "Test 1 passed: re-execute with closeCursor\n";
+
+    // Test 2: Re-execute without closeCursor (PDO auto-flushes remaining results)
+    // This exercises the flush loop in pdo_sqlsrv_stmt_execute that calls
+    // core_sqlsrv_next_result before the new execute.
+    $stmt2 = $conn->prepare($sql);
+    $stmt2->bindValue(':id', 2);
+    $stmt2->execute();
+    $row = $stmt2->fetch();
+    // Do NOT call nextRowset or closeCursor -- just re-execute immediately
+    $stmt2->bindValue(':id', 3);
+    $stmt2->execute();
+    $rows = $stmt2->fetchAll();
+    if (count($rows) !== 1 || $rows[0]['r1col1'] != 3) {
+        throw new RuntimeException("Test 2 failed: unexpected result after re-execute without closeCursor.");
+    }
+    $stmt2->closeCursor();
+    echo "Test 2 passed: re-execute without closeCursor\n";
+
+    // Test 3: Re-execute when both result sets have the same number of columns
+    // but different column names.  Ensures stale column descriptors are refreshed
+    // even when the column count hasn't changed.
+    $sql3 = "
+        SET NOCOUNT ON;
+        DECLARE @v INT = :val;
+        SELECT @v AS col_a, N'first' AS col_b;
+        SELECT @v AS col_x, N'second' AS col_y;
+    ";
+    $stmt3 = $conn->prepare($sql3);
+    for ($i = 1; $i <= 3; $i++) {
+        $stmt3->bindValue(':val', $i);
+        $stmt3->execute();
+
+        $row1 = $stmt3->fetch();
+        if (!array_key_exists('col_a', $row1) || !array_key_exists('col_b', $row1)) {
+            throw new RuntimeException("Test 3 iteration $i: RS1 missing expected columns.");
+        }
+        if ($row1['col_a'] != $i) {
+            throw new RuntimeException("Test 3 iteration $i: RS1 col_a expected $i, got {$row1['col_a']}.");
+        }
+
+        $stmt3->nextRowset();
+        $row2 = $stmt3->fetch();
+        if (!array_key_exists('col_x', $row2) || !array_key_exists('col_y', $row2)) {
+            throw new RuntimeException("Test 3 iteration $i: RS2 missing expected columns.");
+        }
+        if ($row2['col_x'] != $i) {
+            throw new RuntimeException("Test 3 iteration $i: RS2 col_x expected $i, got {$row2['col_x']}.");
+        }
+
+        $stmt3->closeCursor();
+    }
+    echo "Test 3 passed: same column count, different names\n";
+
+    echo "Done\n";
+} catch (Exception $e) {
+    echo $e->getMessage() . "\n";
+}
+?>
+--EXPECT--
+Test 1 passed: re-execute with closeCursor
+Test 2 passed: re-execute without closeCursor
+Test 3 passed: same column count, different names
+Done
diff --git a/test/functional/sqlsrv/sqlsrv_reexecute_multi_resultset.phpt b/test/functional/sqlsrv/sqlsrv_reexecute_multi_resultset.phpt
@@ -0,0 +1,146 @@
+--TEST--
+GitHub issue 1466 - Re-executing prepared statement with multiple result sets
+--DESCRIPTION--
+Verifies that re-executing a prepared statement returning multiple result sets
+does not cause a fatal error or return corrupted data.
+--SKIPIF--
+<?php require('skipif.inc'); ?>
+--FILE--
+<?php
+require_once('MsCommon.inc');
+
+$conn = connect();
+if ($conn === false) {
+    fatalError("Could not connect.\n");
+}
+
+$sql = "
+    SET NOCOUNT ON;
+    DECLARE @id INT = ?;
+    -- Result set 1
+    SELECT @id AS r1col1, 2 AS r1col2, 3 AS r1col3, N'Test' AS r1col4
+    WHERE @id IN (2, 3);
+    -- Result set 2
+    SELECT @id AS r2col1, N'/test.txt' AS r2col2, N'text/plain' AS r2col3
+    WHERE @id IN (2, 3);
+";
+
+$stmt = sqlsrv_prepare($conn, $sql, array(&$id));
+if ($stmt === false) {
+    fatalError("sqlsrv_prepare failed.\n");
+}
+
+$idList = array(2, 1, 3);
+foreach ($idList as $id) {
+    if (!sqlsrv_execute($stmt)) {
+        fatalError("sqlsrv_execute failed for id=$id.\n");
+    }
+
+    // Fetch result set 1
+    $rowCount1 = 0;
+    while ($row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC)) {
+        if (!array_key_exists('r1col1', $row)) {
+            fatalError("Result set 1 row missing expected column 'r1col1'.\n");
+        }
+        if ($row['r1col1'] != $id) {
+            fatalError("Result set 1 r1col1 expected $id, got {$row['r1col1']}.\n");
+        }
+        $rowCount1++;
+    }
+
+    // Move to result set 2
+    $nextResult = sqlsrv_next_result($stmt);
+    if ($nextResult === false) {
+        fatalError("sqlsrv_next_result failed for id=$id.\n");
+    }
+
+    $rowCount2 = 0;
+    if ($nextResult !== null) {
+        while ($row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC)) {
+            if (!array_key_exists('r2col1', $row)) {
+                fatalError("Result set 2 row missing expected column 'r2col1'.\n");
+            }
+            if ($row['r2col1'] != $id) {
+                fatalError("Result set 2 r2col1 expected $id, got {$row['r2col1']}.\n");
+            }
+            $rowCount2++;
+        }
+    }
+
+    // Verify row counts based on input
+    if ($id == 1) {
+        if ($rowCount1 !== 0 || $rowCount2 !== 0) {
+            fatalError("Expected empty result sets for id=1.\n");
+        }
+    } else {
+        if ($rowCount1 !== 1 || $rowCount2 !== 1) {
+            fatalError("Expected one row per result set for id=$id.\n");
+        }
+    }
+}
+sqlsrv_free_stmt($stmt);
+echo "Test 1 passed: re-execute with next_result\n";
+
+// Test 2: Re-execute without consuming all result sets (auto-flush)
+// This exercises the flush loop in sqlsrv_execute that calls
+// core_sqlsrv_next_result before the new execute.
+$id = 2;
+$stmt2 = sqlsrv_prepare($conn, $sql, array(&$id));
+if ($stmt2 === false) {
+    fatalError("sqlsrv_prepare failed for test 2.\n");
+}
+sqlsrv_execute($stmt2);
+$row = sqlsrv_fetch_array($stmt2, SQLSRV_FETCH_ASSOC);
+// Do NOT call sqlsrv_next_result -- just re-execute immediately
+$id = 3;
+if (!sqlsrv_execute($stmt2)) {
+    fatalError("sqlsrv_execute failed for test 2 re-execute.\n");
+}
+$row = sqlsrv_fetch_array($stmt2, SQLSRV_FETCH_ASSOC);
+if (!$row || !array_key_exists('r1col1', $row) || $row['r1col1'] != 3) {
+    fatalError("Test 2 failed: unexpected result after re-execute without next_result.\n");
+}
+sqlsrv_free_stmt($stmt2);
+echo "Test 2 passed: re-execute without next_result\n";
+
+// Test 3: Re-execute when both result sets have the same number of columns
+// but different column names.
+$sql3 = "
+    SET NOCOUNT ON;
+    DECLARE @v INT = ?;
+    SELECT @v AS col_a, N'first' AS col_b;
+    SELECT @v AS col_x, N'second' AS col_y;
+";
+$val = 0;
+$stmt3 = sqlsrv_prepare($conn, $sql3, array(&$val));
+if ($stmt3 === false) {
+    fatalError("sqlsrv_prepare failed for test 3.\n");
+}
+for ($val = 1; $val <= 3; $val++) {
+    if (!sqlsrv_execute($stmt3)) {
+        fatalError("sqlsrv_execute failed for test 3, val=$val.\n");
+    }
+    $row1 = sqlsrv_fetch_array($stmt3, SQLSRV_FETCH_ASSOC);
+    if (!$row1 || !array_key_exists('col_a', $row1) || $row1['col_a'] != $val) {
+        fatalError("Test 3 val=$val: RS1 unexpected result.\n");
+    }
+    $next = sqlsrv_next_result($stmt3);
+    if ($next === false) {
+        fatalError("sqlsrv_next_result failed for test 3, val=$val.\n");
+    }
+    $row2 = sqlsrv_fetch_array($stmt3, SQLSRV_FETCH_ASSOC);
+    if (!$row2 || !array_key_exists('col_x', $row2) || $row2['col_x'] != $val) {
+        fatalError("Test 3 val=$val: RS2 unexpected result.\n");
+    }
+}
+sqlsrv_free_stmt($stmt3);
+echo "Test 3 passed: same column count, different names\n";
+
+sqlsrv_close($conn);
+echo "Done\n";
+?>
+--EXPECT--
+Test 1 passed: re-execute with next_result
+Test 2 passed: re-execute without next_result
+Test 3 passed: same column count, different names
+Done
