|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #5482 ODBC Support lacks ability to pass named parameters for MS Access
Submitted: 2000-07-09 12:09 UTC Modified: 2001-04-28 15:32 UTC
From: bram at xspace dot com Assigned:
Status: Closed Package: ODBC related
PHP Version: 4.0.1pl2 OS: WIN NT 4.0 (WIN 32)
Private report: No CVE-ID: None
 [2000-07-09 12:09 UTC] bram at xspace dot com
There is a similar but slightly different bug report 2976 that describes parameter passing problems as well.

Steps to observe behaviour:

1) In MS Access (preferably 97 or 2000) create a table named PEOPLE containing two fields
    username and password of any type.

2) Populate the table with a row of test data.

3) In MS Access create the following query name verifypassword:

         SELECT username
         FROM people
         WHERE username = InputUsername AND password = InputPass

        Since the DB is not going to be secured for any test cases, do NOT include the 
        WITH OWNERACCESS OPTION, as it is pointless and may not work.  When in a 
        secured database, this query will allow verification of a username and password 
        combination for a user that does not have access to the PEOPLE table without 
        giving direct access to the password field.  I provide this only for a description of

4) Make an ODBC DSN to the DB

5) In your PHP script connect to the DSN first, save connection to $conn.

6) In your PHP script, then add:

         $prep = odbc_prepare( $conn, "SELECT * FROM VERIFYPASSWORD" );
         $params = array( "test", "case" );
         ODBC_Execute( $prep, &$params );

7) You will get a "missing parameters" error.

There is no appearant way to populate MS Access parameters from PHP.  
Since, in this case the query must be created under a user with priviledges to
a secured table, the query cannot be generated on the fly -- access will be denied.

Ideally, I should be able to populate my $params array as:
        $params = array( "InUsername" => "test", "InPassword" => "case" );

Synonymous behaviour in ASP:
In ASP the RECORDSET object supports named parameters.  
Obviously this functionality works in ASP.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-04-01 19:48 UTC]
please try this with a recent release or snapshot of PHP 
and see if this continues for you.
 [2001-04-28 15:32 UTC]
No feedback. If this problem persists with PHP 4.0.5 which
will be released next week, please reopen this report.

PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Thu Jul 18 11:01:25 2019 UTC