Bug #56316 Prepared query emulation doesn't respect INTs
Submitted: 2005-02-21 10:31 UTC
Modified: 2005-02-26 10:45 UTC
From: sean at caedmon dot net
Assigned: wez
Status: Closed
Package: PDO_MYSQL (PECL)
PHP Version: 5.0.3
OS: Linux
Private report: No
CVE-ID: None
 [2005-02-21 10:31 UTC] sean at caedmon dot net
Description:
------------
For emulated MySQL prepared queries, everything gets treated as a string:
10:25 <@_Wez_> the emulation stuff forces the input to be a string
10:25 <@_Wez_> and then quotes it

S


Reproduce code:
---------------
<?php

function pretty_pdo_error($PDO)
{
  $err = $PDO->errorInfo();
  echo "PDO Error: {$err[1]}: {$err[2]}\n";
}

try {
  $PDO = new PDO('mysql:dbname=testdb;host=localhost', 'testdb', 'testdb');
}
catch (PDOException $e) {
  echo 'Connection failed: ' . $e->getMessage();
  die();
}

$sql = "SELECT * FROM testtable LIMIT :limit";
$QS = $PDO->prepare($sql);
$limit = 10;
$QS->bindParam(':limit', $limit, PDO_PARAM_INT);

if (FALSE === $QS->execute()) {
  pretty_pdo_error($PDO);
}

?>


Expected result:
----------------
no error

Actual result:
--------------
PDO Error: 1064: You have an error in your SQL syntax near '"10"' at line 1


 [2005-02-26 10:45 UTC] wez@php.net
This bug has been fixed in CVS.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.
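
A simplified model of the behaviour described in the report, added here as an illustration and not PDO's own code: placeholders are substituted client-side, and the `$respectTypes` switch contrasts quoting every value as a string with validating integer parameters and emitting them as bare literals. The function name, the `[value, type]` parameter layout and the quoting callback are assumptions made for the example.

```php
<?php
// Added illustration: simplified model of client-side placeholder emulation.
// emulate() and the [value, type] layout are hypothetical, not PDO internals.
const P_STR = 'str';
const P_INT = 'int';

function emulate(string $sql, array $params, callable $quote, bool $respectTypes): string
{
    // Simplification: a real emulator must skip placeholders that appear
    // inside string literals and comments; this regex does not.
    return preg_replace_callback(
        '/:[A-Za-z_]\w*/',
        function (array $m) use ($params, $quote, $respectTypes): string {
            $name = $m[0];
            if (!array_key_exists($name, $params)) {
                throw new InvalidArgumentException("unbound placeholder $name");
            }
            [$value, $type] = $params[$name];
            if ($respectTypes && $type === P_INT) {
                // Validate first, then emit an unquoted numeric literal.
                $int = filter_var($value, FILTER_VALIDATE_INT);
                if ($int === false) {
                    throw new InvalidArgumentException("$name is not an integer");
                }
                return (string) $int;
            }
            // Behaviour from the report: force to string, then quote.
            return $quote((string) $value);
        },
        $sql
    );
}

// Constructed stand-in for the driver's quoting routine, for offline demo
// only; real code must use the quoting supplied by the database driver.
$demoQuote = fn(string $s): string => "'" . str_replace("'", "''", $s) . "'";

$sql = 'SELECT * FROM testtable WHERE name = :name LIMIT :limit';
$params = [':name' => ["O'Brien", P_STR], ':limit' => [10, P_INT]];

echo emulate($sql, $params, $demoQuote, false), "\n"; // LIMIT value is quoted
echo emulate($sql, $params, $demoQuote, true), "\n";  // LIMIT value is a bare integer

// A value declared as an integer that is not one is rejected, not quoted.
try {
    emulate($sql, [':name' => ['x', P_STR], ':limit' => ['10 rows', P_INT]], $demoQuote, true);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```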


 
Last updated: Wed Apr 24 12:01:26 2019 UTC