Merge pull request #327 from stephen-hlx/fix-StmtParamsMismatch-in-ExecRoutine

blackbeam · web-flow · commit 15b12e882820 · 2025-04-21T13:25:35.000+03:00
Add `DriverError::StmtParamsNumberExceedsLimit`
diff --git a/src/conn/routines/exec.rs b/src/conn/routines/exec.rs
@@ -6,7 +6,7 @@ use mysql_common::{packets::ComStmtExecuteRequestBuilder, params::Params};
 #[cfg(feature = "tracing")]
 use tracing::{field, info_span, Level, Span};
 
-use crate::{BinaryProtocol, Conn, DriverError, Statement};
+use crate::{conn::MAX_STATEMENT_PARAMS, BinaryProtocol, Conn, DriverError, Statement};
 
 use super::Routine;
 
@@ -52,10 +52,16 @@ impl Routine<()> for ExecRoutine<'_> {
                             Span::current().record("mysql_async.query.params", ps);
                         }
 
+                        if params.len() > MAX_STATEMENT_PARAMS {
+                            Err(DriverError::StmtParamsNumberExceedsLimit {
+                                supplied: params.len(),
+                            })?
+                        }
+
                         if self.stmt.num_params() as usize != params.len() {
                             Err(DriverError::StmtParamsMismatch {
                                 required: self.stmt.num_params(),
-                                supplied: params.len() as u16,
+                                supplied: params.len(),
                             })?
                         }
 
diff --git a/src/error/mod.rs b/src/error/mod.rs
@@ -21,6 +21,10 @@ use std::{io, result};
 /// Result type alias for this library.
 pub type Result<T> = result::Result<T, Error>;
 
+/// The maximum number of bind variables supported by MySQL.
+/// https://stackoverflow.com/questions/4922345/how-many-bind-variables-can-i-use-in-a-sql-query-in-mysql-5#comment136409462_11131824
+pub(crate) const MAX_STATEMENT_PARAMS: usize = u16::MAX as usize;
+
 /// This type enumerates library errors.
 #[derive(Debug, Error)]
 pub enum Error {
@@ -135,7 +139,14 @@ pub enum DriverError {
         required,
         supplied
     )]
-    StmtParamsMismatch { required: u16, supplied: u16 },
+    StmtParamsMismatch { required: u16, supplied: usize },
+
+    #[error(
+        "MySQL supports up to {} parameters but {} was supplied.",
+        MAX_STATEMENT_PARAMS,
+        supplied
+    )]
+    StmtParamsNumberExceedsLimit { supplied: usize },
 
     #[error("Unexpected packet.")]
     UnexpectedPacket { payload: Vec<u8> },
