Bug #105728 Parameter name overrides query attributes
Submitted: 27 Nov 2021 21:19 Modified: 23 Aug 2022 15:07
Reporter: Bradley Grainger (OCA) Email Updates:
Status: Closed Impact on me:
None 
Category:Connector / NET Severity:S2 (Serious)
Version:8.0.30 OS:Windows (10)
Assigned to: CPU Architecture:Any

[27 Nov 2021 21:19] Bradley Grainger 
Description:
When a query attribute and a command parameter have the exact same name, Connector/NET overwrites the value for the attribute with the value from the parameter of the same name. This prevents the value of the attribute being retrieved successfully using mysql_query_attribute_string.

It occurs whether the command is prepared or not.

How to repeat:
Use MySQL Server 8.0.26 or later, and install the query_attributes component as per https://dev.mysql.com/doc/refman/8.0/en/query-attributes.html#query-attributes-prerequisit...

Run the following C# code:

using var cmd = new MySqlCommand("select mysql_query_attribute_string('name') as attribute, @name as parameter;", connection);
cmd.Attributes.SetAttribute("name", "attribute");

cmd.Parameters.AddWithValue("name", "parameter");
// workaround: prefix the parameter name with "@"
// cmd.Parameters.AddWithValue("@name", "parameter");

// also happens when preparing the command
// cmd.Prepare();

using var reader = cmd.ExecuteReader();
while (reader.Read())
{
	// prints "parameter"; expect "attribute"
	Console.WriteLine(reader.GetValue(0));
	
	// prints "parameter"
	Console.WriteLine(reader.GetValue(1));
}

Suggested fix:
Connector/NET shouldn't send the names for parameters, but only attributes; it's not expected that adding parameters will also add attributes with the same name.
[30 Nov 2021 9:55] MySQL Verification Team 
Hello Bradley Grainger,

Thank you for the bug report.
Verified as described.

Regards,
Ashwini Patil
[10 Aug 2022 21:19] Daniel Valdez 
This is no longer a bug. Please use our latest release, Connector/NET 8.0.30.
[12 Aug 2022 2:56] Bradley Grainger 
It's fixed if you don't prepare the command, but still broken if you uncomment 'cmd.Prepare();' from my example repro code.
[23 Aug 2022 15:07] Christine Cole 
Posted by developer:
 
Fixed as of the upcoming MySQL Connector/NET 8.0.31 release, and here's the proposed changelog entry from the documentation team:

When a query attribute and a command parameter have the exact same name,
Connector/NET overwrites the value of the attribute with the value from
the parameter, which then prevents using mysql_query_attribute_string to
retrieve an accurate value for the attribute. Connector/NET now removes
all parameter names when sending a prepared statement.

Thank you for the bug report.