php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #66055 PDO::quote does weird conversions with floats
Submitted: 2013-11-07 22:05 UTC Modified: 2014-12-30 10:42 UTC
From: llmll at gmx dot de Assigned:
Status: No Feedback Package: PDO related
PHP Version: 5.5.5 OS: any?
Private report: No CVE-ID: None
View Developer Edit
 [2013-11-07 22:05 UTC] llmll at gmx dot de 
Description:
------------
---
From manual page: http://www.php.net/pdo.quote
---

The PDO::quote messes around with number formats. The documentation does not mention this. It appears, that quote() checks the variable type, and if it detects a float, it will format it according to the locale. This happens EVEN THOUGH you call quote() without second parameter, which tells it to handle the variables as raw string.

Test script:
---------------
//string
$float = '1.55';
echo PDO::quote($float);

// returns '1,55' with point replaced to comma

Expected result:
----------------
should either leave strings alone or mention in the documentation, that it does what it does.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-11-08 15:16 UTC] willfitch@php.net 
Please provide more details behind your environment and test script.  I've tried this with pdo_mysql using both the string you provided and actual double value with valid results.

Also, your call to quote in your test script results in a fatal error in 5.5 as quote is not a static method.
 [2013-12-31 18:33 UTC] frozenfire@php.net
-Status: Open +Status: Feedback
 [2014-12-30 10:42 UTC] php-bugs at lists dot php dot net 
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 [2015-02-12 06:43 UTC] masakielastic at gmail dot com 
I reproduced the problem in PHP 5.6.4. bindValue/bindParam methods also have the same problem. http://php.net/manual/en/pdostatement.bindparam.php#101764

$user = 'root';
$passwd = '';
$host = 'localhost';
$db = 'testdb';
$dsn = 'mysql:host=localhost;dbname=testdb';

// http://en.wikipedia.org/wiki/Decimal_mark
// Countries using Arabic numerals with decimal comma

setlocale(LC_NUMERIC, 'pl_PL');
$conn = new PDO($dsn, $user, $passwd);
$mysqli = new mysqli($host, $user, $passwd, $db);

var_dump(
    "'123,45'" === $conn->quote(123.45),
    '123,45' === mysqli_real_escape_string($mysqli, 123.45)
);

setlocale(LC_NUMERIC, 'de_DE');
var_dump(
    '123,45' === strval(123.45),
    '123,45' === (string) 123.45,
    '123,45' === sprintf('%s', 123.45)
);
 [2015-02-12 07:45 UTC] masakielastic at gmail dot com 
I think the status should be wont-fix because of the statement of 22nd General Conference on Weights and Measures ("the symbol for the decimal marker shall be either the point on the line or the comma on the line.").

The description about locale and link for intl's NumberFormatter is also needed for the doc.
 [2015-02-12 08:00 UTC] masakielastic at gmail dot com 
Sorry my last comment about the status. I forgot the report is about the doc.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Sep 20 06:00:01 2025 UTC