php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #52489 PDOStatement::execute() errors when querying for backslash and question mark
Submitted: 2010-07-29 17:48 UTC Modified: 2010-07-29 18:29 UTC
From: untold69 at hotmail dot com Assigned:
Status: Not a bug Package: PDO related
PHP Version: 5.2.14 OS: Windows 7
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
39 - 31 = ?
Subscribe to this entry?

 
 [2010-07-29 17:48 UTC] untold69 at hotmail dot com 
Description:
------------
Using PDO to prepare and then execute a statement that queries for a backslash and 
then a question mark sequentially in two columns generates a warning.

Test script:
---------------
$pdo = new PDO("mssql:dbname=mydb;host=myhost", "myuser", "mypassword");
$stmt = $pdo->prepare("SELECT * FROM table WHERE column1 = '\' AND column2 = '?'");
$result = $stmt->execute();

Expected result:
----------------
Array or false.

Actual result:
--------------
Warning: PDOStatement::execute() [pdostatement.execute]: SQLSTATE[HY093]: Invalid 
parameter number: no parameters were bound in ...

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-07-29 17:52 UTC] degeberg@php.net
-Status: Open +Status: Bogus
 [2010-07-29 17:52 UTC] degeberg@php.net 
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

Question marks are parameter placeholders.
 [2010-07-29 18:16 UTC] untold69 at hotmail dot com 
The question mark is surrounded by quotes and so should be used as a literal value 
to query the table column, not as a parameter placeholder.  The exact same SQL 
statement executes fine when using PDO::query, e.g.

$result = $pdo->query("SELECT * FROM table WHERE column1 = '\' AND column2 = 
'?'");
 [2010-07-29 18:29 UTC] untold69 at hotmail dot com 
The problem is also specific to the order in which the parameters appear in the 
statement, for instance this also executes without problem:

$stmt = $pdo->prepare("SELECT * FROM table WHERE column1 = '?' AND column2 = 
'\'");
$result = $stmt->execute();

So I assume the issue lies in the way PDO parses the SQL statement when preparing.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 26 14:01:29 2024 UTC