PHP :: Bug #63347 :: Different behavior of parameters processing

Bug #63347	Different behavior of parameters processing
Submitted:	2012-10-24 14:06 UTC	Modified:	2012-10-26 03:35 UTC
From:	naquad at gmail dot com	Assigned:	wez (profile)
Status:	Not a bug	Package:	PDO related
PHP Version:	5.4.8	OS:	Linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !

Your email address: MUST BE VALID
Solve the problem: 39 + 45 = ?
Subscribe to this entry?

[2012-10-24 14:06 UTC] naquad at gmail dot com

Description:
------------
PDO::ATTR_EMULATE_PREPARES changes behavior of parameter processing.
When it is enabled multiple occurrences of named parameter work as expected, but 
when it is disabled I get "Invalid parameter number" error.

Test script:
---------------
<?php
  $pdo = new PDO('mysql:host=localhost;dbname=test', 'root', '');
  $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); /// remove this line and scirpt works as expected
  $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  $query = $pdo->prepare('select :x = :x');
  $query->bindValue(':x', 1);
  $query->execute();
  $t = $query->fetch();
  var_dump($t);
  $query->closeCursor();

Expected result:
----------------
array(2) {
  '\'1\' = \'1\'' =>
  string(1) "1"
  [0] =>
  string(1) "1"
}

Actual result:
--------------
PDOException: SQLSTATE[HY093]: Invalid parameter number in 
/srv/http/fucktube/app/test.php on line 7

Call Stack:
    0.0002     230552   1. {main}() /srv/http/fucktube/app/test.php:0
    0.0739     246416   2. PDOStatement->execute() 
/srv/http/fucktube/app/test.php:7

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-10-25 04:01 UTC] laruence@php.net

seems native prepare supporting doesn't supports multi-same-name params, it will 
faild in the params number checking

[2012-10-25 04:02 UTC] laruence@php.net

-Assigned To: +Assigned To: wez

[2012-10-25 10:08 UTC] uw@php.net

I consider this bogus: SQL syntax violated. Mapping feature abused to create dynamic SQL, which is against the main argument brought up for PDO's PS fixation.

[2012-10-25 10:15 UTC] naquad at gmail dot com

Its not bogus. You can change the query to something like 'insert into users(login, password, screen_name) values(:login, :password, :login)' and issue will be still ok. And if it is "violated" then why emulated prepares work with this?

[2012-10-26 03:35 UTC] wez@php.net

-Status: Assigned +Status: Not a bug

[2012-10-26 03:35 UTC] wez@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

We can't reimplement the mysql (or any DB) prepared statement support 100% on the 
client side.  Emulated prepares behave differently and this is one of the ways 
that this manifests.   This behavior will not be changed.  If it is important for 
you that this work both ways, then you should write your queries with emulated 
prepares turned off.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 19 11:01:28 2024 UTC