PHP :: Bug #63347 :: Different behavior of parameters processing

Bug #63347	Different behavior of parameters processing
Submitted:	2012-10-24 14:06 UTC	Modified:	2012-10-26 03:35 UTC
From:	naquad at gmail dot com	Assigned:	wez (profile)
Status:	Not a bug	Package:	PDO related
PHP Version:	5.4.8	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	naquad at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2012-10-24 14:06 UTC] naquad at gmail dot com

Description:
------------
PDO::ATTR_EMULATE_PREPARES changes behavior of parameter processing.
When it is enabled multiple occurrences of named parameter work as expected, but 
when it is disabled I get "Invalid parameter number" error.

Test script:
---------------
<?php
  $pdo = new PDO('mysql:host=localhost;dbname=test', 'root', '');
  $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); /// remove this line and scirpt works as expected
  $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  $query = $pdo->prepare('select :x = :x');
  $query->bindValue(':x', 1);
  $query->execute();
  $t = $query->fetch();
  var_dump($t);
  $query->closeCursor();

Expected result:
----------------
array(2) {
  '\'1\' = \'1\'' =>
  string(1) "1"
  [0] =>
  string(1) "1"
}

Actual result:
--------------
PDOException: SQLSTATE[HY093]: Invalid parameter number in 
/srv/http/fucktube/app/test.php on line 7

Call Stack:
    0.0002     230552   1. {main}() /srv/http/fucktube/app/test.php:0
    0.0739     246416   2. PDOStatement->execute() 
/srv/http/fucktube/app/test.php:7

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-10-25 04:01 UTC] laruence@php.net

seems native prepare supporting doesn't supports multi-same-name params, it will 
faild in the params number checking

[2012-10-25 04:02 UTC] laruence@php.net

-Assigned To: +Assigned To: wez

[2012-10-25 10:08 UTC] uw@php.net

I consider this bogus: SQL syntax violated. Mapping feature abused to create dynamic SQL, which is against the main argument brought up for PDO's PS fixation.

[2012-10-25 10:15 UTC] naquad at gmail dot com

Its not bogus. You can change the query to something like 'insert into users(login, password, screen_name) values(:login, :password, :login)' and issue will be still ok. And if it is "violated" then why emulated prepares work with this?

[2012-10-26 03:35 UTC] wez@php.net

-Status: Assigned +Status: Not a bug

[2012-10-26 03:35 UTC] wez@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

We can't reimplement the mysql (or any DB) prepared statement support 100% on the 
client side.  Emulated prepares behave differently and this is one of the ways 
that this manifests.   This behavior will not be changed.  If it is important for 
you that this work both ways, then you should write your queries with emulated 
prepares turned off.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Oct 25 20:00:01 2025 UTC