php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #64875 Fails if named parameters appears more than once
Submitted: 2013-05-18 03:31 UTC Modified: 2013-06-07 10:12 UTC
From: zuohaocheng1022 at gmail dot com Assigned:
Status: Not a bug Package: PDO related
PHP Version: 5.5.0RC1 OS: Mac OS X
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: zuohaocheng1022 at gmail dot com
New email:
PHP Version: OS:

 

 [2013-05-18 03:31 UTC] zuohaocheng1022 at gmail dot com
Description:
------------
Pdo-mysql prepared statements execution fails when one named parameter appears 
more than once in a SQL statement. 

This problem will disappear if set PDO::ATTR_EMULATE_PREPARES to true.

Test script:
---------------
//CREATE TABLE `posts` (
//  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
//  `name` VARCHAR(255),
//  `body` TEXT
//);

$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// :search appears twice here
$stmt = $pdo->prepare('SELECT id FROM posts WHERE name LIKE :search OR body LIKE :search'); 
$s = 'blablah';
$stmt->bindParam(':search', $s);
$stmt->execute(); // This step throws an exception: Error: SQLSTATE[HY093]: Invalid parameter number
// $stmt->execute([':search'=>$s]); will throw it too
$result = $stmt->fetch();

Expected result:
----------------
No exceptions.

Actual result:
--------------
$stmt>execute fails.

Error: SQLSTATE[HY093]: Invalid parameter number


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-06-07 10:12 UTC] uw@php.net
-Status: Open +Status: Not a bug
 [2013-06-07 10:12 UTC] uw@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

Of course it fails. PDO just stinks: the core will replace :search with ?, then pass it to MySQL which expects two values for two placeholders. 

Can't work with the current PDO architecture. IMHO not a MySQL issue but yet another bug in the PDO architecture: you can't mess around with query manipulation at two layers that are logically seperated.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Jul 16 07:01:31 2024 UTC