PHP :: Bug #34233 :: PDO query parser ignores parameters when surrounded by closed quotes

Bug #34233

PDO query parser ignores parameters when surrounded by closed quotes

Submitted:

2005-08-24 13:23 UTC

Modified:

2005-09-04 02:47 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

php at sagi dot org

Assigned:

wez (profile)

Status:

Closed

Package:

PDO related

PHP Version:

5CVS-2005-09-02

OS:

Private report:

CVE-ID:

None

View Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !

Your email address: MUST BE VALID
Solve the problem: 1 + 17 = ?
Subscribe to this entry?

[2005-08-24 13:23 UTC] php at sagi dot org

Description:
------------
Running PHP5.1.0RC1, postgresql 8 server with v7.4.7 client libs (pretty sure native prepared statements are disabled).

When trying to execute this query:
$stmt = $db->prepare("SELECT ('0' || :param || '0')");
$stmt->execute(array(':param' => 123));

PDO actually executes this SQL statement: SELECT ('0' || :param || '0'), without replacing :param.

It seems like the parser thinks the whole "0' || :param || '0" part is quoted, though its not.

The query "SELECT (0 || :param || 0)" works as expected.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-09-01 15:15 UTC] gschlossnagle@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip

This works for me in current PHP_5_1 branch using SQLite.

[2005-09-02 11:23 UTC] php at sagi dot org

Problem still exists with php5-200509020830, pgsql driver. 

Did not test with any other driver.

[2005-09-04 00:47 UTC] wez@php.net

Sounds like a greedy regex in our query parser.

[2005-09-04 02:47 UTC] edink@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Nov 05 03:00:01 2025 UTC