PHP :: Bug #36798 :: mysql error when using named parameters in a query with high ascii

Bug #36798

mysql error when using named parameters in a query with high ascii

Submitted:

2006-03-20 15:50 UTC

Modified:

2006-12-05 18:06 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

albert at jool dot nl

Assigned:

Status:

Closed

Package:

PDO related

PHP Version:

5.1.2

OS:

Debian Sarge

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	albert at jool dot nl
New email:
PHP Version:		OS:

New Comment:

[2006-03-20 15:50 UTC] albert at jool dot nl

Description:
------------
Create a PDO_MYSQL connection ($db in the example code). Prepare a query with high ascii values between single quotes (update queries are often affected) and one or more named parameters. Execute the query. 

Reproduce code:
---------------
$query = "
	SELECT		'?' as test
	FROM		test
	WHERE		id = :id";
$stm = $db->prepare($query);
$stm->execute(array(":id" => 1));

Expected result:
----------------
No errors, query is correct when executed directly under mysql.

Actual result:
--------------
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':id' at line 3

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-03-20 15:54 UTC] albert at jool dot nl

Changing the single quotes in the query to double seems to fix the problem.

[2006-03-20 15:59 UTC] tony2001@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.1-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.1-win32-latest.zip

Can't reproduce.

[2006-03-20 16:52 UTC] albert at jool dot nl

Tried the snapshot, and the problem still exists. Perhaps you aren't seeing the error because you need to explicitly set exception handling:

$db = new PDO("mysql:host=$dbHost;dbname=$dbName", $dbUser, $dbPass);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

[.. and then the code ..]

[2006-03-20 16:53 UTC] albert at jool dot nl

oops, changed the summary

[2006-03-21 15:41 UTC] iliaa@php.net

What is the charset of the server/connection?

[2006-03-22 19:53 UTC] albert at jool dot nl

Charset of the connection is default ISO-8859-1 (you need to explicitly set another charset in the dsn), and the charset of any mysql table used is default latin1 - if any solution requires changing any of these settings, consider changing PHP first :). 

Anyhow, notice that the query _parsing_ fails, not the query itself. The double-quote fix isn't working btw - the error just didn't show up anymore as output (which is also strange!).

[2006-12-05 18:06 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Oct 27 16:01:27 2024 UTC