PDO MySQL: Check number of bounds params even if none are bound

The check for the number of bound parameters was only executed if
at least one was bound. We should also error if nothing was bound.
With mysqlnd, mysqlnd itself ended up emitting an error, but with
libmysqlclient this error condition would not be detected.

Author: nikic

ext/pdo_mysql/mysql_statement.c

@@ -315,6 +315,15 @@ static int pdo_mysql_stmt_execute(pdo_stmt_t *stmt) /* {{{ */
 	S->done = 0;
 
 	if (S->stmt) {
+		uint32_t num_bound_params =
+			stmt->bound_params ? zend_hash_num_elements(stmt->bound_params) : 0;
+		if (num_bound_params < (uint32_t) S->num_params) {
+			/* too few parameter bound */
+			PDO_DBG_ERR("too few parameters bound");
+			strcpy(stmt->error_code, "HY093");
+			PDO_DBG_RETURN(0);
+		}
+
 		PDO_DBG_RETURN(pdo_mysql_stmt_execute_prepared(stmt));
 	}
 
@@ -403,13 +412,6 @@ static int pdo_mysql_stmt_param_hook(pdo_stmt_t *stmt, struct pdo_bound_param_da
 				PDO_DBG_RETURN(1);
 
 			case PDO_PARAM_EVT_EXEC_PRE:
-				if (zend_hash_num_elements(stmt->bound_params) < (unsigned int) S->num_params) {
-					/* too few parameter bound */
-					PDO_DBG_ERR("too few parameters bound");
-					strcpy(stmt->error_code, "HY093");
-					PDO_DBG_RETURN(0);
-				}
-
 				if (!Z_ISREF(param->parameter)) {
 					parameter = &param->parameter;
 				} else {

ext/pdo_mysql/tests/bug81037.phpt

@@ -32,4 +32,4 @@ require __DIR__ . '/mysql_pdo_test.inc';
 MySQLPDOTest::dropTestTable();
 ?>
 --EXPECT--
-SQLSTATE[HY000]: General error: 2031 No data supplied for parameters in prepared statement
+SQLSTATE[HY093]: Invalid parameter number