Bug #71447 A query may return a bad result or the error "Invalid parameter number"
Submitted: 2016-01-25 16:10 UTC Modified: 2016-02-18 09:34 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: skrol29forum+bugsphp at gmail dot com Assigned: mbeccati (profile)
Status: Closed Package: PDO PgSQL
PHP Version: 5.6.17 OS: Windows 10, Debian Cid
Private report: No CVE-ID: None


 [2016-01-25 16:10 UTC] skrol29forum+bugsphp at gmail dot com
Depending on a comment in the SQL query, PDO will run it correctly, return an error, or even return a wrong result.

Run the test script and an error will be raised although the query actually contains no PDO parameters.
Then if you simply delete the single-quote character (replace "that's strange" with "thats strange") in the comment of the SQL query, there will be no error.

More dramatic:
   $pdo->query($sql_1, PDO::FETCH_NUM);
   $pdo->query($sql_2, PDO::FETCH_NUM);
in order to run the second query.
Take care to first create the table and the row using the small SQL script at the head of the script.
In this case, there is no error, but the query returns a wrong result (NULL instead of '8000'). If you delete the single-quote in the comment, then the result is correct.

The bug occurs with Windows 10 and Debian Cid with PHP 5.6.17 but also with versions 5.6.16 and 5.6.15. Not tested on PHP 7.
The bug does not occur with PHP 5.4.3.

I've tested a similar query with PDO-MySQL and there is no error.

PDO version with PHP 5.6.17:
PostgreSQL(libpq) Version 	9.4.1
Module version 	1.0.2
Revision 	$Id: 93432550a76a2298959ec74f40d65c7195a82ad2 $ 

Test script:
<?php
/* Database structure for query #2:
CREATE TABLE _test.t_test (prms character varying(255));
INSERT INTO _test.t_test (prms) VALUES ('{"radius":8000}');
*/

// connection to the PostgreSQL database
$pdo = new PDO("pgsql:dbname=mydb;host=myhost", 'myusername', 'mypassword');

// query #1: no table needed; note the single quote inside the SQL comment
$sql_1 = "
SELECT -- that's strange
  SUBSTRING( '{\"radius\":8000}'::text FROM '(?:\"radius\":)([\d\.]*)') AS zzz";

// query #2: same expression, reading the value from the table created above
$sql_2 = "
SELECT -- that's strange
  SUBSTRING( prms::text FROM '(?:\"radius\":)([\d\.]*)') AS zzz
FROM _test.t_test";

$rs = $pdo->query($sql_1, PDO::FETCH_NUM);
$rec = $rs->fetch();
var_export($rec); // print the fetched row

Expected result:
array (
  0 => '8000',

Actual result:
Query #1 returns :

« PDO::query(): SQLSTATE[HY093]: Invalid parameter number: mixed named and positional parameters in ... »

Query #2 returns :

array (
  0 => NULL,


 [2016-02-18 09:34 UTC]
-Assigned To: +Assigned To: mbeccati
 [2016-04-04 22:11 UTC]
Automatic comment on behalf of mbeccati
Log: Fixed bug #71447 (Quotes inside comments not properly handled)
 [2016-04-04 22:11 UTC]
-Status: Assigned +Status: Closed
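
The fix log above names the cause: quotes inside comments. As an added illustration (not PHP's own parser and not code from this report), the simplified scanner below, whose function name findPlaceholders and scanning rules are assumptions, runs query #1 with and without comment handling to show how the apostrophe in the comment flips the quote state, so that text belonging to the real string literals is scanned as placeholders.

```php
<?php
// Added illustration: a simplified placeholder scanner, NOT PDO's real parser.
// findPlaceholders() and its rules are assumptions made for this example.
// $skipComments = false models a scanner that does not recognise SQL comments.
function findPlaceholders(string $sql, bool $skipComments): array
{
    $found = [];
    $n = strlen($sql);
    $name = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_';
    for ($i = 0; $i < $n;) {
        $c = $sql[$i];
        $two = substr($sql, $i, 2);
        if ($skipComments && $two === '--') {          // line comment
            $end = strpos($sql, "\n", $i);
            $i = ($end === false) ? $n : $end + 1;
        } elseif ($skipComments && $two === '/*') {    // block comment
            $end = strpos($sql, '*/', $i + 2);
            $i = ($end === false) ? $n : $end + 2;
        } elseif ($c === "'" || $c === '"') {          // literal / quoted identifier
            $end = strpos($sql, $c, $i + 1);           // '' just reads as two literals
            $i = ($end === false) ? $n : $end + 1;
        } elseif ($c === '?' || $c === ':') {
            $run = strspn($sql, $c, $i);
            $len = strspn($sql, $name, $i + 1);
            if ($run > 1) {                            // "::" cast or "??": plain text
                $i += $run;
            } elseif ($c === '?') {                    // positional placeholder
                $found[] = '?';
                $i++;
            } else {                                   // ":name" only if a name follows
                if ($len > 0) { $found[] = substr($sql, $i, $len + 1); }
                $i += $len + 1;
            }
        } else {
            $i++;
        }
    }
    return $found;
}

// Query #1 from the report, as a nowdoc so no PHP escaping is involved.
$sql = <<<'SQL'
SELECT -- that's strange
  SUBSTRING( '{"radius":8000}'::text FROM '(?:"radius":)([\d\.]*)') AS zzz
SQL;
foreach ([false, true] as $skipComments) {
    printf("comments skipped: %s -> placeholders: %s\n",
        var_export($skipComments, true), json_encode(findPlaceholders($sql, $skipComments)));
}
```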
Last updated: Sun Dec 15 04:01:23 2019 UTC