MFH: Fix #32009 crash when mssql_bind() is called more than once

Author: fmk

NEWS

@@ -4,6 +4,7 @@ PHP                                                                        NEWS
 - Fixed bug #35278 (Multiple virtual() calls crash Apache 2 php module). (Ilia)
 - Fixed bug #35273 (Error in mapping soap - java types). (Dmitry)
 - Fixed bug #33153 (crash in mssql_next result). (Frank)
+- Fixed bug #32009 (crash when mssql_bind() is called more than once). (Frank)
 
 17 Nov 2005, PHP 5.1 Release Candidate 6
 - Changed function parameter parsing to handle integers in a non-strict fashion

ext/mssql/php_mssql.c

@@ -2116,17 +2116,22 @@ PHP_FUNCTION(mssql_bind)
 		zend_hash_init(statement->binds, 13, NULL, _mssql_bind_hash_dtor, 0);
 	}
 
-	memset((void*)&bind,0,sizeof(mssql_bind));
-	zend_hash_add(statement->binds,Z_STRVAL_PP(param_name),Z_STRLEN_PP(param_name),&bind,sizeof(mssql_bind),(void **)&bindp);
-	if( NULL == bindp ) RETURN_FALSE;
-	bindp->zval=*var;
-	zval_add_ref(var);
-
-	/* no call to dbrpcparam if RETVAL */
-	if ( strcmp("RETVAL",Z_STRVAL_PP(param_name))!=0 ) {						
-		if (dbrpcparam(mssql_ptr->link, Z_STRVAL_PP(param_name), (BYTE)status, type, maxlen, datalen, (LPBYTE)value)==FAIL) {
-			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set parameter");
-			RETURN_FALSE;
+	if (zend_hash_exists(statement->binds, Z_STRVAL_PP(param_name), Z_STRLEN_PP(param_name))) {
+		RETURN_FALSE;
+	}
+	else {
+		memset((void*)&bind,0,sizeof(mssql_bind));
+		zend_hash_add(statement->binds, Z_STRVAL_PP(param_name), Z_STRLEN_PP(param_name), &bind, sizeof(mssql_bind), (void **)&bindp);
+		if( NULL == bindp ) RETURN_FALSE;
+		bindp->zval=*var;
+		zval_add_ref(var);
+	
+		/* no call to dbrpcparam if RETVAL */
+		if ( strcmp("RETVAL",Z_STRVAL_PP(param_name))!=0 ) {						
+			if (dbrpcparam(mssql_ptr->link, Z_STRVAL_PP(param_name), (BYTE)status, type, maxlen, datalen, (LPBYTE)value)==FAIL) {
+				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to set parameter");
+				RETURN_FALSE;
+			}
 		}
 	}