PHP :: Doc Bug #70120 :: PDO::prepare - First argument does not have to be a valid SQL statement

Doc Bug #70120	PDO::prepare - First argument does not have to be a valid SQL statement
Submitted:	2015-07-23 21:01 UTC	Modified:	2015-07-29 00:18 UTC
From:	chealer at gmail dot com	Assigned:	cmb (profile)
Status:	Closed	Package:	PDO related
PHP Version:	Irrelevant	OS:	*
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	chealer at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2015-07-23 21:01 UTC] chealer at gmail dot com

Description:
------------
statement

This must be a valid SQL statement for the target database server.
---
From manual page: http://www.php.net/pdo.prepare
---
In fact, as the text above explains, if parameters are used, the first argument must contain a string similar to a SQL statement, but which is not a valid SQL statement (for example, "SELECT name, colour, calories FROM fruit WHERE calories < ? AND colour = ?"). There is a terminological challenge here - perhaps "statement template" would appropriately describe what the argument actually contains.

The text above is less misleading, but is also incorrect:

The SQL statement can contain zero or more named (:name) or question mark (?) parameter markers for which real values will be substituted when the statement is executed. You cannot use both named and question mark parameter markers within the same SQL statement; pick one or the other parameter style.

By the way, this does not specify what named parameter markers are, and the manual apparently never does that. Quite clearly, these start with a colon, but there is no specification of what constitutes a name. Visibly, names cannot contain a dot, although the error message leaves me wondering whether that is a bug ("PHP Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 0 [Sybase][ODBC Driver][SQL Anywhere]L'expression près de ':?.nomdossier' est incorrecte", while the parameter marker I tried using is ":dossr.nomdossier").

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-07-23 23:25 UTC] chealer at gmail dot com

"statement template" is precisely the term used on Wikipedia: https://en.wikipedia.org/wiki/Prepared_statement

[2015-07-29 00:17 UTC] cmb@php.net

Automatic comment from SVN on behalf of cmb
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=337261
Log: clarified $statement parameter description of PDO::prepare (fixes #70120)

[2015-07-29 00:18 UTC] cmb@php.net

-Status: Open +Status: Closed -Package: Documentation problem +Package: PDO related -Operating System: +Operating System: * -Assigned To: +Assigned To: cmb

[2015-07-29 00:18 UTC] cmb@php.net

This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Oct 24 19:00:01 2025 UTC