|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2007-07-27 00:04 UTC] iliaa@php.net
[2007-07-27 18:42 UTC] dominique dot archambault at gmail dot com
[2007-07-28 09:16 UTC] johannes@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Thu Jul 03 22:01:33 2025 UTC |
Description: ------------ Using PHP 5.2.3 and MySQL 5.0.38. If there are placeholders in string constants of an SQL query, and there are also escaped quotes in a string constant (either the same string constant, or a different one), the following error is triggered: Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: no parameters were bound in <FILE> on line <LINE> Reproduce code: --------------- // WORKS $stmt = $pdo->prepare("SELECT * FROM `test` WHERE `test`.`text` = \"Hello world's! 2007-01-01 00:00:00\""); if ($stmt->execute()) { print "PASSED!\n"; } else { // should not enter this print "FAILED!\n"; var_dump($stmt->errorInfo()); } // DOES NOT WORK $stmt = $pdo->prepare("SELECT * FROM `test` WHERE `test`.`text` = 'Hello world\'s! 2007-01-01 00:00:00'"); // the following execute() call will generate the error if ($stmt->execute()) { print "PASSED!\n"; } else { // will always enter this print "FAILED!\n"; var_dump($stmt->errorInfo()); // will contain: array(1) { [0]=> string(5) "HY093" } } Expected result: ---------------- PASSED! PASSED! Actual result: -------------- PASSED! Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: no parameters were bound in <FILE> on line <LINE> FAILED! array(1) { [0]=> string(5) "HY093" }