Fix for BUG#3567: Disallow several SQL statements inside a Prepared Statement.

2025-07-29 05:21:33 +03:00 · 2004-04-27 03:44:41 +04:00
parent 5bbc955a52
commit b8802c514d
2 changed files with 34 additions and 2 deletions
--- a/sql/sql_lex.cc
+++ b/sql/sql_lex.cc
@ -882,10 +882,12 @@ int yylex(void *arg, void *yythd)
    case MY_LEX_COLON:			// optional line terminator
      if (yyPeek())
      {
-        if (((THD *)yythd)->client_capabilities & CLIENT_MULTI_STATEMENTS)
+        THD* thd= (THD*)yythd;
+        if ((thd->client_capabilities & CLIENT_MULTI_STATEMENTS) && 
+            (thd->command != COM_PREPARE))
        {
          lex->found_colon=(char*)lex->ptr;
-          ((THD *)yythd)->server_status |= SERVER_MORE_RESULTS_EXISTS;
+          thd->server_status |= SERVER_MORE_RESULTS_EXISTS;
          lex->next_state=MY_LEX_END;
          return(END_OF_INPUT);
        }
--- a/tests/client_test.c
+++ b/tests/client_test.c
@ -4940,6 +4940,34 @@ DROP TABLE IF EXISTS test_multi_tab";
  mysql_close(mysql_local);
 }

+/********************************************************
+* Check that Prepared statement cannot contain several  *
+*  SQL statements                                       *
+*********************************************************/
+static void test_prepare_multi_statements()
+{
+  MYSQL *mysql_local;
+  MYSQL_STMT *stmt;
+  myheader("test_prepare_multi_statements");
+
+  if (!(mysql_local = mysql_init(NULL)))
+  { 
+    fprintf(stdout,"\n mysql_init() failed");
+    exit(1);
+  }
+
+  if (!(mysql_real_connect(mysql_local,opt_host,opt_user,
+                           opt_password, current_db, opt_port,
+                           opt_unix_socket, CLIENT_MULTI_STATEMENTS)))
+  {
+    fprintf(stdout,"\n connection failed(%s)", mysql_error(mysql_local));
+    exit(1);
+  }
+  strmov(query, "select 1; select 'another value'");
+  stmt = mysql_simple_prepare(mysql_local,query);
+  mystmt_init_r(stmt);
+  mysql_close(mysql_local);
+}

 /********************************************************
 * to test simple bind store result                      *
@ -9210,6 +9238,8 @@ int main(int argc, char **argv)
    test_prepare_field_result(); /* prepare meta info */
    test_multi_stmt();      /* multi stmt test */
    test_multi_statements();/* test multi statement execution */
+    test_prepare_multi_statements(); /* check that multi statements are 
+                                       disabled in PS */
    test_store_result();    /* test the store_result */
    test_store_result1();   /* test store result without buffers */
    test_store_result2();   /* test store result for misc case */