|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #63347 Different behavior of parameters processing
Submitted: 2012-10-24 14:06 UTC Modified: 2012-10-26 03:35 UTC
From: naquad at gmail dot com Assigned: wez (profile)
Status: Not a bug Package: PDO related
PHP Version: 5.4.8 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: naquad at gmail dot com
New email:
PHP Version: OS:


 [2012-10-24 14:06 UTC] naquad at gmail dot com
PDO::ATTR_EMULATE_PREPARES changes behavior of parameter processing.
When it is enabled multiple occurrences of named parameter work as expected, but 
when it is disabled I get "Invalid parameter number" error.

Test script:
  $pdo = new PDO('mysql:host=localhost;dbname=test', 'root', '');
  $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); /// remove this line and scirpt works as expected
  $query = $pdo->prepare('select :x = :x');
  $query->bindValue(':x', 1);
  $t = $query->fetch();

Expected result:
array(2) {
  '\'1\' = \'1\'' =>
  string(1) "1"
  [0] =>
  string(1) "1"

Actual result:
PDOException: SQLSTATE[HY093]: Invalid parameter number in 
/srv/http/fucktube/app/test.php on line 7

Call Stack:
    0.0002     230552   1. {main}() /srv/http/fucktube/app/test.php:0
    0.0739     246416   2. PDOStatement->execute() 


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2012-10-25 04:01 UTC]
seems native prepare supporting doesn't supports multi-same-name params, it will 
faild in the params number checking
 [2012-10-25 04:02 UTC]
-Assigned To: +Assigned To: wez
 [2012-10-25 10:08 UTC]
I consider this bogus: SQL syntax violated. Mapping feature abused to create dynamic SQL, which is against the main argument brought up for PDO's PS fixation.
 [2012-10-25 10:15 UTC] naquad at gmail dot com
Its not bogus. You can change the query to something like 'insert into users(login, password, screen_name) values(:login, :password, :login)' and issue will be still ok. And if it is "violated" then why emulated prepares work with this?
 [2012-10-26 03:35 UTC]
-Status: Assigned +Status: Not a bug
 [2012-10-26 03:35 UTC]
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at and the instructions on how to report
a bug at

We can't reimplement the mysql (or any DB) prepared statement support 100% on the 
client side.  Emulated prepares behave differently and this is one of the ways 
that this manifests.   This behavior will not be changed.  If it is important for 
you that this work both ways, then you should write your queries with emulated 
prepares turned off.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Jul 15 06:01:29 2024 UTC