"Unable to execute statement: nope" in SQLite3 #17157

Closed
bohwaz opened this issue Dec 14, 2024 · 6 comments

@bohwaz
Contributor

bohwaz commented Dec 14, 2024

Description

I've just received an automatic bug report and stack trace from a PHP application using SQLite where the error message is:

Unable to execute statement: nope

The "Unable to execute statement:" part comes from the PHP SQLite3 extension, but the "nope" part should come from the SQLite library according to the relevant code from the PHP extension:

php_sqlite3_error(stmt_obj->db_obj, "Unable to execute statement: %s", sqlite3_errmsg(sqlite3_db_handle(stmt_obj->stmt)));

Except this "nope" error string does not exist in the SQLite3 library source code… So I don't really see where the "nope" message is coming from.

This seems weird, and this is the first time I have ever seen this error message.

Just to make it clear this doesn't come from my PHP code either:

		try {
			$result = $statement->execute();
			return $result;
		}
		catch (\Exception $e)
		{
			throw new DB_Exception($e->getMessage(), 0, $e);
		}

I won't lose sleep over this, but I'm still curious if someone has an idea about where this "nope" might come from?

PHP Version

8.3.14

Operating System

Debian Bookworm

@SakiTakamachi
Member

hmm....

"nope" doesn't seem to be output in php-src either, so I don't know what causes this at the moment...

@bohwaz
Contributor Author

bohwaz commented Dec 15, 2024

Yes I grepped for the string in php-src and couldn't find anything really. I also grepped in my repository source code and couldn't find it either.

I thought at first that it might be the SQL statement itself, but it doesn't seem to be possible.

@damianwadley
Member

  1. What's the nature of the error handling and reporting? Is there any way the report could contain something more than exactly the contents of that DB_Exception's error message?
  2. Could the source installation have been modified? Could someone have edited the application to inject the "nope" into it, perhaps for debugging, and it's showing up here in the error report?

The only thing I can think of is that sqlite3_errmsg is returning NULL for the error message, that's getting formatted into the string as just "Unable to execute statement: ", and the "nope" is coming from a separate source.

@cmb69
Member

cmb69 commented Dec 15, 2024

Possibly something done by an SQLite3 extension?

@SakiTakamachi
Member

> I've just received an automatic bug report

Could it be that the bug reporting application is inserting "nope" instead of null?

@bohwaz
Contributor Author

bohwaz commented Dec 20, 2024

Actually, the solution was found on the SQLite3 forum: the error message returned by SQLite can actually come straight from a trigger RAISE() function. So it was just a trigger from a security test.

Interesting, I always thought an error message from a trigger would be prefixed by the name of the trigger, but it is not.

Thanks to everyone helping. I hope this can help someone in the future having the same issue :)

@bohwaz bohwaz closed this as completed Dec 20, 2024
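
The resolution above, as an added example that is not part of the original thread: a trigger's RAISE() message reaches the caller with no trigger name attached, and the trigger responsible can be found by searching the SQL stored in sqlite_master. It uses Python's standard sqlite3 module rather than the PHP extension; the table name, trigger name and schema are constructed for illustration.

```python
import sqlite3

# Constructed schema: a trigger that rejects one kind of write with a bare
# RAISE() message, as in the thread's resolution.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT);
CREATE TRIGGER users_block_admin BEFORE INSERT ON users
WHEN NEW.name = 'admin'
BEGIN
    SELECT RAISE(ABORT, 'nope');
END;
"""

def insert_user(db, name):
    """Insert a row; return the message SQLite reports, or None on success."""
    try:
        db.execute("INSERT INTO users (name) VALUES (?)", (name,))
    except sqlite3.DatabaseError as exc:
        return str(exc)
    return None

def triggers_raising(db, message):
    """Names of triggers whose stored SQL has a RAISE() carrying `message`."""
    # SQL string literals escape a single quote by doubling it.
    quoted = "'" + message.replace("'", "''") + "'"
    rows = db.execute(
        "SELECT name, sql FROM sqlite_master WHERE type = 'trigger'"
    ).fetchall()
    hits = []
    for name, sql in rows:
        text = sql or ""
        if "RAISE" in text.upper() and quoted in text:
            hits.append(name)
    return hits

def demo():
    """Provoke the trigger, then trace the message back to its source."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    message = insert_user(db, "admin")
    return message, triggers_raising(db, message)

if __name__ == "__main__":
    msg, names = demo()
    print("SQLite error message:", repr(msg))
    print("Triggers that raise it:", names)
```
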