Bug #34233 PDO query parser ignores parameters when surrounded by closed quotes
Submitted: 2005-08-24 13:23 UTC Modified: 2005-09-04 02:47 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: php at sagi dot org Assigned: wez (profile)
Status: Closed Package: PDO related
PHP Version: 5CVS-2005-09-02 OS: *
Private report: No CVE-ID: None
 [2005-08-24 13:23 UTC] php at sagi dot org
Description:
------------
Running PHP5.1.0RC1, postgresql 8 server with v7.4.7 client libs (pretty sure native prepared statements are disabled).

When trying to execute this query:
$stmt = $db->prepare("SELECT ('0' || :param || '0')");
$stmt->execute(array(':param' => 123));

PDO actually executes this SQL statement: SELECT ('0' || :param || '0'), without replacing :param.

It seems like the parser thinks the whole "0' || :param || '0" part is quoted, though it's not.

The query "SELECT (0 || :param || 0)" works as expected.


 [2005-09-01 15:15 UTC] gschlossnagle@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip

This works for me in current PHP_5_1 branch using SQLite.
 [2005-09-02 11:23 UTC] php at sagi dot org
Problem still exists with php5-200509020830, pgsql driver. 

Did not test with any other driver.
 [2005-09-04 00:47 UTC] wez@php.net
Sounds like a greedy regex in our query parser.
 [2005-09-04 02:47 UTC] edink@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
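
The symptom reported above, reproduced in an added example (not part of the original thread and not PDO's parser code). It assumes the cause suggested in the 2005-09-04 comment, a greedy match on quoted literals; the function name and both patterns are hypothetical and chosen for illustration.

```php
<?php
// Added illustration; not PDO's actual parser. Both literal patterns are
// assumptions chosen to contrast a greedy match with a bounded one.

/**
 * Return the named placeholders found outside single-quoted SQL literals.
 * $literalPattern decides what the scanner treats as one quoted literal.
 */
function findPlaceholders(string $sql, string $literalPattern): array
{
    // Alternation: consume a quoted literal first, otherwise capture :name.
    $regex = '/' . $literalPattern . '|(:[A-Za-z_][A-Za-z0-9_]*)/s';
    preg_match_all($regex, $sql, $matches, PREG_SET_ORDER);

    $found = [];
    foreach ($matches as $m) {
        // Group 1 is absent when the literal branch matched.
        if (isset($m[1]) && $m[1] !== '') {
            $found[] = $m[1];
        }
    }
    return $found;
}

// Greedy: runs from the first quote to the LAST quote in the statement.
const GREEDY_LITERAL = "'.*'";
// Bounded: ends at the first closing quote; '' is an escaped quote in a literal.
const BOUNDED_LITERAL = "'(?:[^']|'')*'";

// Constructed sample statements; the first two are the queries from the report.
$queries = [
    "SELECT ('0' || :param || '0')",  // greedy sees one literal, :param is missed
    "SELECT (0 || :param || 0)",      // no quotes, both patterns find :param
    "SELECT ':not_a_param', :real",   // text inside a literal must stay untouched
    "SELECT 'it''s' || :p",           // doubled quote inside a literal
];

foreach ($queries as $sql) {
    printf("%s\n  greedy : [%s]\n  bounded: [%s]\n", $sql,
        implode(', ', findPlaceholders($sql, GREEDY_LITERAL)),
        implode(', ', findPlaceholders($sql, BOUNDED_LITERAL)));
}
```

When statements are prepared client-side, a scanner that misjudges literal boundaries sends the placeholder to the server unbound, so a test suite for such a parser should include statements with several short literals around a parameter.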


 