php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #70120 PDO::prepare - First argument does not have to be a valid SQL statement
Submitted: 2015-07-23 21:01 UTC Modified: 2015-07-29 00:18 UTC
From: chealer at gmail dot com Assigned: cmb (profile)
Status: Closed Package: PDO related
PHP Version: Irrelevant OS: *
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: chealer at gmail dot com
New email:
PHP Version: OS:

 

 [2015-07-23 21:01 UTC] chealer at gmail dot com
Description:
------------
 statement

    This must be a valid SQL statement for the target database server.
---
From manual page: http://www.php.net/pdo.prepare
---
In fact, as the text above explains, if parameters are used, the first argument must contain a string similar to a SQL statement, but which is not a valid SQL statement (for example, "SELECT name, colour, calories FROM fruit WHERE calories < ? AND colour = ?"). There is a terminological challenge here - perhaps "statement template" would appropriately describe what the argument actually contains.

The text above is less misleading, but is also incorrect:

The SQL statement can contain zero or more named (:name) or question mark (?) parameter markers for which real values will be substituted when the statement is executed. You cannot use both named and question mark parameter markers within the same SQL statement; pick one or the other parameter style.



By the way, this does not specify what named parameter markers are, and the manual apparently never does that. Quite clearly, these start with a colon, but there is no specification of what constitutes a name. Visibly, names cannot contain a dot, although the error message leaves me wondering whether that is a bug ("PHP Fatal error:  Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 0 [Sybase][ODBC Driver][SQL Anywhere]L'expression près de ':?.nomdossier' est incorrecte", while the parameter marker I tried using is ":dossr.nomdossier").


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-07-23 23:25 UTC] chealer at gmail dot com
"statement template" is precisely the term used on Wikipedia: https://en.wikipedia.org/wiki/Prepared_statement
 [2015-07-29 00:17 UTC] cmb@php.net
Automatic comment from SVN on behalf of cmb
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=337261
Log: clarified $statement parameter description of PDO::prepare (fixes #70120)
 [2015-07-29 00:18 UTC] cmb@php.net
-Status: Open +Status: Closed -Package: Documentation problem +Package: PDO related -Operating System: +Operating System: * -Assigned To: +Assigned To: cmb
 [2015-07-29 00:18 UTC] cmb@php.net
This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation better.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Tue Jun 25 11:01:25 2019 UTC