php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #43130 bind parameter cannot contain dashes
Submitted: 2007-10-29 18:07 UTC Modified: 2007-12-08 17:21 UTC
Votes:124
Avg. Score:3.3 ± 1.3
Reproduced:42 of 70 (60.0%)
Same Version:25 (59.5%)
Same OS:19 (45.2%)
From: joel at purerave dot com Assigned: iliaa (profile)
Status: Wont fix Package: PDO related
PHP Version: 5.2.4 OS: Windows XP Home
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: joel at purerave dot com
New email:
PHP Version: OS:

 

 [2007-10-29 18:07 UTC] joel at purerave dot com 
Description:
------------
Parameters to bind in a prepared statement cannot contain dashes (-) in the name. It probably assumes that "-value" should be another variable.

If this cannot be fixed, then at least update the documentation to make it clear what names can and cannot be used. Using {} around the variable name would be nice too!

Reproduce code:
---------------
$db = new PDO("mysql:host=localhost;dbname=testing", 'xxxx', 'xxxx');
$stmt = $db->prepare("SELECT id FROM testing WHERE id=:id-value");
$stmt->bindParam(':id-value', $id);
$id = 1;
$stmt->execute();
var_dump($stmt->fetch());

Expected result:
----------------
array(2) { ["id"]=>  string(1) "1" [0]=>  string(1) "1" }

Actual result:
--------------
Warning: PDOStatement::execute() [function.PDOStatement-execute]: SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in C:\htdocs\test.php on line 8
bool(false)

Patches

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-10-29 22:37 UTC] iliaa@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 [2007-10-30 09:51 UTC] uw@php.net 
I disagree with the decision to allow "-" in parameter names. Parameter names should consist of [a-zA-Z] and nothing else. "-" is an operator in most databases. 

For BC compatibility I'm also fine with the old pattern [:][a-zA-Z0-9_]+ . Though I must say, that I'd prefer [:][a-zA-Z]+[a-zA-Z0-9_]+, don't allow ":0". ":0" looks a bit like "operator" + "number"...

However, the underlying problem here is that there is absolutely no specification for PDO. This makes PDO a guessing game and error prone.
 [2007-12-08 17:21 UTC] sfox@php.net 
The fix for this bug that went into CVS on 29th Oct was reverted on 26th Nov following advice from various database experts.

See http://news.php.net/php.cvs/46848, http://news.php.net/php.cvs/47302 and anything else on that thread for details.
 [2011-12-27 16:48 UTC] mariuz@php.net 
Automatic comment from SVN on behalf of mariuz
Revision: http://svn.php.net/viewvc/?view=revision&revision=321439
Log: http://gcov.php.net/viewer.php?version=PHP_5_3&func=tests&file=ext%2Fpdo_firebird%2Ftests%2Fbug_43130.phpt
fix failure for bug 43130
 [2018-10-25 16:28 UTC] neelaraghavendra1 at gmail dot com 
i cant store php form data in mysql
 [2020-03-08 17:24 UTC] vinocuek51 at gmail dot com 
The following pull request has been associated:

Patch Name: fix typo: mysqlx => mysqlx_x
On GitHub:  https://github.com/php/pecl-database-mysql_xdevapi/pull/8
Patch:      https://github.com/php/pecl-database-mysql_xdevapi/pull/8.patch
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 11:01:29 2024 UTC