php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #48431 Support PDO::PARAM_STMT
Submitted: 2009-05-29 20:08 UTC Modified: 2021-07-09 13:21 UTC
Votes:22
Avg. Score:4.6 ± 0.7
Reproduced:18 of 18 (100.0%)
Same Version:9 (50.0%)
Same OS:11 (61.1%)
From: candrews at integralblue dot com Assigned: cmb (profile)
Status: Wont fix Package: PDO related
PHP Version: 5.2.9 OS: *
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2009-05-29 20:08 UTC] candrews at integralblue dot com
Description:
------------
According to the PDO constants page at http://us3.php.net/manual/en/pdo.constants.php , PDO::PARAM_STMT "Represents a recordset type. Not currently supported by any drivers." It would be nice if PDO supported this type for all drivers in that don't directly support it using emulation, and for drivers do, using the driver implementation (just like how all the other prepared statement parameter types work).

Reproduce code:
---------------
Right now, implementing a prepared statement query involving arrays is (I believe) impossible.

<?php
$sth = $dbh->prepare('SELECT *
    FROM users
    WHERE username in :usernames);
$sth->bindParam(":usernames", array("alice","bob","dave"), PDO::PARAM_STMT);
$sth->execute();
?>

That would be very nice to be able to do - and I believe that is the correct syntax.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-02-21 20:40 UTC] jani@php.net
-Package: Feature/Change Request +Package: PDO related -Operating System: n/a +Operating System: *
 [2011-12-01 06:34 UTC] ssufficool@php.net
I believe the correct syntax would be:

<?php
$sth = $dbh->prepare("SELECT * FROM users 
JOIN :usernames as mytab 
on users.name = mytab.username");

$sth2 = $dbh2->execute("select username, userid, accesslevel from permissions where accesslevel='admin'")

$sth->bindParam(":usernames", $sth2, PDO::PARAM_STMT);
$sth->execute();
?>

PDO::PARAM_ARRAY would make more sense for an associative array argument, which could be used in the same way.


An example prepared statement for either case would be: 
SELECT * FROM users 
JOIN (
  SELECT 'user1' as username, 1 as userid, 'admin' as accesslevel
  UNION ALL SELECT 'user5' as username, 5 as userid, 'admin' as accesslevel
) as mytab 
on users.name = mytab.username
 [2021-07-09 13:21 UTC] cmb@php.net
-Status: Open +Status: Wont fix -Assigned To: +Assigned To: cmb
 [2021-07-09 13:21 UTC] cmb@php.net
PARAM_STMT sounds like a failed attempt at this point; PARAM_ARRAY
might be more reasonable, but anyhow, both features would require
an RFC.  Given that there were no further comments on this ticket
for almost ten years, I'm closing as WONTFIX.

If anybody is still looking for this fearture, please pursue the
RFC process[1].

[1] <https://wiki.php.net/rfc/howto>
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sun Sep 26 04:03:36 2021 UTC