PHP :: Bug #56316 :: Prepared query emulation doesn't respect INTs

Bug #56316	Prepared query emulation doesn't respect INTs
Submitted:	2005-02-21 10:31 UTC	Modified:	2005-02-26 10:45 UTC
From:	sean at caedmon dot net	Assigned:	wez (profile)
Status:	Closed	Package:	PDO_MYSQL (PECL)
PHP Version:	5.0.3	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

[2005-02-21 10:31 UTC] sean at caedmon dot net

Description:
------------
For emulated MySQL prepared queries; everything gets treated as a string:
10:25 <@_Wez_> the emulation stuff forces the input to be a string
10:25 <@_Wez_> and then quotes it

S


Reproduce code:
---------------
<?php

function pretty_pdo_error($PDO)
{
  $err = $PDO->errorInfo();
  echo "PDO Error: {$err[1]}: {$err[2]}\n";
}

try {
  $PDO = new PDO('mysql:dbname=testdb;host=localhost', 'testdb', 'testdb');
}
catch (PDOException $e) {
  echo 'Connection failed: ' . $e->getMessage();
  die();
}

$sql = "SELECT * FROM testtable LIMIT :limit";
$QS = $PDO->prepare($sql);
$limit = 10;
$QS->bindParam(':limit', $limit, PDO_PARAM_INT);

if (FALSE === $QS->execute()) {
  pretty_pdo_error($PDO);
}

?>


Expected result:
----------------
no error

Actual result:
--------------
PDO Error: 1064: You have an error in your SQL syntax near '"10"' at line 1

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-02-26 10:45 UTC] wez@php.net

This bug has been fixed in CVS.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Oct 26 08:00:02 2025 UTC