php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #47960 PDO_MYSQL: cannot bind LIMIT or OFFSET
Submitted: 2009-04-13 13:50 UTC Modified: 2009-09-23 21:04 UTC
Votes:3
Avg. Score:4.7 ± 0.5
Reproduced:3 of 3 (100.0%)
Same Version:3 (100.0%)
Same OS:2 (66.7%)
From: dan dot franklin at pearson dot com Assigned:
Status: Not a bug Package: PDO related
PHP Version: 5.2.9 OS: RHEL 5.3
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: dan dot franklin at pearson dot com
New email:
PHP Version: OS:

 

 [2009-04-13 13:50 UTC] dan dot franklin at pearson dot com 
Description:
------------
In moving from PHP 5.1.6 to 5.2.9 I've lost the ability to bind to a LIMIT or OFFSET parameter against MySQL 5.0; that is, if I have
   ... LIMIT ?
or
   ... OFFSET ?
it fails with
   You have an error in your SQL syntax; check the manual that
   corresponds to your MySQL server version for the right syntax to use near ''3'' at line 1

(where "3" is the actual value of the parameter bound to the ?).

 

Reproduce code:
---------------
<?php
$dsn = "mysql:host=localhost;dbname=test";
$dbh = new PDO($dsn, '', '', array());
run_PDO($dbh, "CREATE TABLE t (n int)", array());
run_PDO($dbh, "select n FROM t LIMIT ?", array(3));
run_PDO($dbh, "select n FROM t LIMIT 3 OFFSET ?", array(3));
run_PDO($dbh, "DROP TABLE t", array());

function run_PDO($dbh, $sql, $params) {
    $stmt = $dbh->prepare($sql);
    if (!$stmt) {
        $i = $dbh->errorInfo();
        print "Preparing \"$sql\" failed: $i[2]\n";
    } else if (!$stmt->execute($params)) {
        $i = $stmt->errorInfo();
        print "Executing \"$sql\" failed: $i[2]\n";
    } else {
        print "\"$sql\" succeeded\n";
    }
}
?>


Expected result:
----------------
"CREATE TABLE t (n int)" succeeded
"select n FROM t LIMIT ?" succeeded
"select n FROM t LIMIT 3 OFFSET ?" succeeded
"DROP TABLE t" succeeded

(This is what happens with PHP 5.1.6 MySql 5.0.45)

Actual result:
--------------
"CREATE TABLE t (n int)" succeeded
Executing "select n FROM t LIMIT ?" failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''3'' at line 1
Executing "select n FROM t LIMIT 3 OFFSET ?" failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''3'' at line 1
"DROP TABLE t" succeeded

(With PHP 5.2.9 MySQL 5.0.77)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-04-30 06:20 UTC] balagod at gmail dot com 
Hi,
i faced same problem.
i converted my parameters  as integer using typecast (int) it's working.
$stcount=(int)$_POST['stcount'];
$ecount=10;
$selQry="SELECT * from TABLE where status=1 order by add_date limit :offset,:rowcount";
$stmt=$conn->prepare($selQry);
$stmt->bindParam(':offset',$stcount,PDO::PARAM_INT);
$stmt->bindParam(':rowcount',$ecount,PDO::PARAM_INT);
$stmt->execute();
 [2009-09-23 20:15 UTC] uw@php.net 
You are not telling PDO what type your parameter is and it defaults to the safe choice of string. PDO escapes the string and you get the error. Specify INT and it works.
 [2009-09-23 20:26 UTC] dan dot franklin at pearson dot com 
No, the safe choice for PDO would be to use the native PHP type of the variable, where there is a corresponding SQL type. That would be sensible default behavior.  I changed my PDO interface library to do this and it works perfectly. PDO ought to work the same way.
 [2009-09-23 21:04 UTC] uw@php.net 
Whoever is right, let's close this report in favour of http://bugs.php.net/bug.php?id=44639 . There are many duplicates. All boil down to the default of string. Some of the previous reports have been bogussed, AFAIK.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri May 17 04:01:34 2024 UTC