fix(mysql): validate parameter count for prepared statements

Add validation to ensure the number of provided parameters matches the
expected count for MySQL prepared statements.
This prevents protocol errors by returning an error if the counts do not match before sending
the statement for execution.

Author: cvzx

sqlx-mysql/src/connection/executor.rs

@@ -123,6 +123,14 @@ impl MySqlConnection {
                         .get_or_prepare_statement(sql)
                         .await?;
 
+                    if arguments.types.len() != metadata.parameters {
+                        return Err(Error::Protocol(format!(
+                                    "Prepared statement expected {} parameters but {} parameters where provided",
+                                    metadata.parameters,
+                                    arguments.types.len()
+                        ).into()));
+                    }
+
                     // https://dev.mysql.com/doc/internals/en/com-stmt-execute.html
                     self.inner.stream
                         .send_packet(StatementExecute {
@@ -137,6 +145,14 @@ impl MySqlConnection {
                         .prepare_statement(sql)
                         .await?;
 
+                    if arguments.types.len() != metadata.parameters {
+                        return Err(Error::Protocol(format!(
+                                    "Prepared statement expected {} parameters but {} parameters where provided",
+                                    metadata.parameters,
+                                    arguments.types.len()
+                        ).into()));
+                    }
+
                     // https://dev.mysql.com/doc/internals/en/com-stmt-execute.html
                     self.inner.stream
                         .send_packet(StatementExecute {