|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #49651 "IN" statment badly handled in bindValue
Submitted: 2009-09-24 08:48 UTC Modified: 2009-09-24 09:02 UTC
From: mmarais at centrapel dot com Assigned:
Status: Closed Package: PDO related
PHP Version: 5.2.11 OS: Linux version 2.6.18-6-686 (Debi
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
48 - 21 = ?
Subscribe to this entry?

 [2009-09-24 08:48 UTC] mmarais at centrapel dot com
Using named paramters with the "IN" statement does not work correctly. Is a list is used as a parameter with bindValue this list is interpreted as a quoted string in the sql command

Reproduce code:
$arrEmployees = array(1,2,3,4,5,6);

$strSQL = "
   SELECT id, name
   FROM   employees
   WHERE  id in (:my_list);

$objPDOStatement = $objPDO->prepare($strSQL);
$objPDOStatement -> bindValue(':my_list', implode(',', $arrEmployees));
$objPDOStatement -> execute();

Expected result:
id | name
 1 | John Doe
 2 | Jack Doe
 3 | Gill Doe
 4 | Ralf Doe
 5 | Sven Doe
 6 | Carl Doe

Actual result:
id | name
 1 | John Doe

In sql cli, same results as if running  

   SELECT id, name
   FROM   employees
   WHERE  id in ('1,2,3,4,5,6'); -- List with quotes;

when expecting

   SELECT id, name
   FROM   employees
   WHERE  id in (1,2,3,4,5,6); -- List with no quotes;


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2009-09-24 09:02 UTC]
Closing because it is a duplicate of . Please follow up in the other bug report.

A workaround is to specify the type of the parameter explicitly. 
 [2012-03-12 10:19 UTC] alvaro at demogracia dot com
IMHO: not dupe, just invalid. You can't use one place-holder to inject six 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Thu Dec 02 22:03:38 2021 UTC