PHP :: Bug #69257 :: Error on PDO MySQL non-emulated statements and repeating the same named param

Bug #69257

Error on PDO MySQL non-emulated statements and repeating the same named param

Submitted:

2015-03-18 16:00 UTC

Modified:

Votes:	6
Avg. Score:	4.0 ± 1.2
Reproduced:	5 of 5 (100.0%)
Same Version:	1 (20.0%)
Same OS:	5 (100.0%)

From:

jrbasso at gmail dot com

Assigned:

Status:

Open

Package:

PDO MySQL

PHP Version:

5.6.6

OS:

Any

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	jrbasso at gmail dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2015-03-18 16:00 UTC] jrbasso at gmail dot com

Description:
------------
When using prepared statements with named parameters that repeats in the statement work fine in emulated prepared statements, but doesn't work in non-emulated mode.

The test script is a simple way to reproduce it.

Test script:
---------------
<?php

$pdo = new PDO('mysql:unix_socket=/var/run/mysqld/mysqld.sock;dbname=test;charset=utf8', 'test', 'test');
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$stmt = $pdo->prepare('SELECT :a = :a');
$stmt->bindValue(':a', 1, PDO::PARAM_INT);
$stmt->execute();

var_dump($stmt->fetchAll(PDO::FETCH_COLUMN));


Expected result:
----------------
array(1) {
  [0]=>
  string(1) "1"
}

Actual result:
--------------
PHP Fatal error:  Uncaught exception 'PDOException' with message 'SQLSTATE[HY093]: Invalid parameter number' in /home/vagrant/shared/test.php:10
Stack trace:
#0 /home/vagrant/shared/test.php(10): PDOStatement->execute()
#1 {main}
  thrown in /home/vagrant/shared/test.php on line 10

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2018-01-09 19:20 UTC] sebastiaanlokhorst at gmail dot com

This bug is still present in PHP 7.2.

The crazy thing is that it is well known and even expected to fail since the addition mysqlnd support in PDO_mysql in 2008.

In the pdo_mysql_prepare_native_dup_named_placeholder.phpt test[1], this exact scenario is tested, and it's expected to fail with
"Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number in %s on line %d"

https://github.com/php/php-src/blob/master/ext/pdo_mysql/tests/pdo_mysql_prepare_native_dup_named_placeholder.phpt

[2018-01-09 22:22 UTC] sebastiaanlokhorst at gmail dot com

So apparently this is indeed expected behavior: see e.g. http://paul-m-jones.com/archives/243

But this means there's a bug in the emulated statement, as it works there. The behavior should be consistent.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2021 The PHP Group All rights reserved.	Last updated: Wed Feb 24 18:01:24 2021 UTC