BUG32497631: Prepared statements fail when parameters are not given

This patch fixes the failure when using the C extension and executing
prepared statements with placeholders but without given parameters.

The change mimics the pure Python implementation by preparing but not
executing the statement for this scenario.

A test was added for regression.

Author: nmariz

CHANGES.txt

@@ -15,6 +15,7 @@ v8.0.24
 - WL#14239: Remove Python 2.7 support
 - WL#14212: Support connection close notification
 - WL#14027: Add support for Python 3.9
+- BUG#32497631: Prepared statements fail when parameters are not given
 - BUG#32435181: Add support for Django 3.2
 - BUG#32162928: Change user command fails on pure python implementation
 - BUG#32120659: Prepared statements w/o parameters violates MySQL protocol

lib/mysql/connector/cursor.py

@@ -1,4 +1,4 @@
-# Copyright (c) 2009, 2020, Oracle and/or its affiliates.
+# Copyright (c) 2009, 2021, Oracle and/or its affiliates.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License, version 2.0, as
@@ -1174,7 +1174,7 @@ def _handle_result(self, result):
             elif 'server_status' in result[2]:
                 self._handle_server_status(result[2]['server_status'])
 
-    def execute(self, operation, params=(), multi=False):  # multi is unused
+    def execute(self, operation, params=None, multi=False):  # multi is unused
         """Prepare and execute a MySQL Prepared Statement
 
         This method will preare the given operation and execute it using
@@ -1211,12 +1211,14 @@ def execute(self, operation, params=(), multi=False):  # multi is unused
 
         if self._prepared['parameters'] and not params:
             return
-        elif len(self._prepared['parameters']) != len(params):
+        elif params and len(self._prepared['parameters']) != len(params):
             raise errors.ProgrammingError(
                 errno=1210,
                 msg="Incorrect number of arguments " \
                     "executing prepared statement")
 
+        if params is None:
+            params = ()
         res = self._connection.cmd_stmt_execute(
             self._prepared['statement_id'],
             data=params,

lib/mysql/connector/cursor_cext.py

@@ -1,4 +1,4 @@
-# Copyright (c) 2014, 2020, Oracle and/or its affiliates.
+# Copyright (c) 2014, 2021, Oracle and/or its affiliates.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License, version 2.0, as
@@ -911,7 +911,7 @@ def reset(self, free=True):
             self._cnx.cmd_stmt_reset(self._stmt)
         super(CMySQLCursorPrepared, self).reset(free=free)
 
-    def execute(self, operation, params=(), multi=False):  # multi is unused
+    def execute(self, operation, params=None, multi=False):  # multi is unused
         """Prepare and execute a MySQL Prepared Statement
 
         This method will preare the given operation and execute it using
@@ -956,12 +956,16 @@ def execute(self, operation, params=(), multi=False):  # multi is unused
 
         self._cnx.cmd_stmt_reset(self._stmt)
 
-        if params and self._stmt.param_count != len(params):
+        if self._stmt.param_count > 0 and not params:
+            return
+        elif params and self._stmt.param_count != len(params):
             raise errors.ProgrammingError(
                 errno=1210,
                 msg="Incorrect number of arguments executing prepared "
                     "statement")
 
+        if params is None:
+            params = ()
         res = self._cnx.cmd_stmt_execute(self._stmt, *params)
         if res:
             self._handle_result(res)

tests/test_bugs.py

@@ -6061,3 +6061,30 @@ def tearDown(self):
         # cleanup users
         for new_user in self.users:
             cnx.cmd_query("DROP USER IF EXISTS '{user}'@'{host}'".format(**new_user))
+
+
+class BugOra32497631(tests.MySQLConnectorTests):
+    """BUG#32497631: PREPARED STMT FAILS ON CEXT WHEN PARAMS ARE NOT GIVEN"""
+
+    table_name = "BugOra32497631"
+
+    @foreach_cnx()
+    def test_prepared_statement_parameters(self):
+        self.cnx.cmd_query(f"DROP TABLE IF EXISTS {self.table_name}")
+        self.cnx.cmd_query(
+            f"CREATE TABLE {self.table_name} (name VARCHAR(255))"
+        )
+        with self.cnx.cursor(prepared=True) as cur:
+            query = f"INSERT INTO {self.table_name} (name) VALUES (?)"
+            # If the query has placeholders and no parameters is given,
+            # the statement is prepared but not executed
+            cur.execute(query)
+
+            # Test with parameters
+            cur.execute(query, ("foo",))
+            cur.execute(query, ("bar",))
+
+            cur.execute(f"SELECT name FROM {self.table_name}")
+            rows = cur.fetchall()
+            self.assertEqual(2, len(rows))
+        self.cnx.cmd_query(f"DROP TABLE IF EXISTS {self.table_name}")