|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #45101 pg_send_query_params ORDER BY ignored
Submitted: 2008-05-27 04:47 UTC Modified: 2008-10-20 00:41 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: alan at fromorbit dot com Assigned: hholzgra (profile)
Status: Not a bug Package: PostgreSQL related
PHP Version: 5.2.6 OS: Linux x64
Private report: No CVE-ID: None
 [2008-05-27 04:47 UTC] alan at fromorbit dot com
Hi all,

I've discovered that if you use pg_send_query_params() and try and include a parameter for an 'ORDER BY' for example it's completely ignored. I've looked at the pg_trace() output and it appears to be doing the right thing. All I can assume is that the parameter is being converted to a TRUE for an ORDER BY, and so the database happily accepts 'ORDER BY 1'.

Reproduce code:
create table php_bug (id integer, name varchar(255));
insert into php_bug values (1, 'one');
insert into php_bug values (2, 'two');
insert into php_bug values (3, 'three');
insert into php_bug values (4, 'four');
insert into php_bug values (5, 'five');

$conn = pg_connect('host=localhost dbname=test port=5432 user=web');

$sql = 'SELECT * FROM php_bug WHERE name LIKE $1 ORDER BY $2';
$params = array('%o%', 'doesnt_exist_and_should_be_an_sql_error');

if (! pg_connection_busy($conn)) pg_send_query_params($conn, $sql, $params);

$res = pg_get_result($conn);

while($row = pg_fetch_assoc($res))
        echo "{$row['id']} - {$row['name']}\n";


Expected result:
An SQL error or an output that is ordered by the given parameter

Actual result:
1 - one
2 - two
4 - four


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2008-10-19 23:37 UTC]
ORDER BY can get both a result column name or an expression as input,
in regular statements you would distinguish between a column name and a string expression by checking whether the name is in qoutes or not.

With pg_send_query_params() the situation becomes ambiguous though and the function always picks the string variant, so your statement becomes the equivalent of

  FROM php_bug 
  WHERE name LIKE '%o%' 
  ORDER BY 'doesnt_exist_and_should_be_an_sql_error';

and so sorts by a constant (string) expression.
 [2008-10-20 00:41 UTC] alan at fromorbit dot com
If that's the case, how does one sort by the column name passed into the statement via the prepared values array if it always selects string?

Should this be documented?
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Jun 15 04:01:30 2024 UTC