Request #71628 Column names with ? in them confuse the PDO parameter binding
Submitted: 2016-02-19 01:21 UTC Modified: 2021-09-14 11:22 UTC
Votes:5
Avg. Score:3.2 ± 1.6
Reproduced:3 of 4 (75.0%)
Same Version:1 (33.3%)
Same OS:0 (0.0%)
From: californialife88 at hotmail dot com Assigned:
Status: Open Package: PDO MySQL
PHP Version: 5.6.18 OS: Windows 7
Private report: No CVE-ID: None
 [2016-02-19 01:21 UTC] californialife88 at hotmail dot com
Description:
------------
This bug has been described well in the following Stack Overflow thread:

http://stackoverflow.com/questions/12092907/php-pdo-insert-to-column-with-question-mark-in-name/35495548#35495548

In particular, please check out the Original Post and the reply by Andre.

Test script:
---------------
INSERT INTO `myTable` (`Id`, `Title`, `Expired?`) VALUES (?, ?, ?)

followed by a binding for the 3 variables.

Notice the '?' in one of the column names...

Expected result:
----------------
Insert operation in database

Actual result:
--------------
Error message: "wrong number of parameters passed"

History

 [2016-02-19 02:11 UTC] requinix@php.net
-Type: Bug +Type: Feature/Change Request -PHP Version: 5.5.32 +PHP Version: 5.6.18
 [2016-02-19 02:11 UTC] requinix@php.net
Disable emulated prepares.

MySQL, and only MySQL, uses backticks as a way of quoting identifiers, but PDO is general purpose so it doesn't know about MySQL's idiosyncrasies when it tries to parse the statement looking for placeholders.

The only way I could see this being solved is if statement parsing was offloaded to the driver instead of being handled by vanilla PDO.
 [2021-09-14 11:22 UTC] cmb@php.net
> MySQL, and only MySQL, uses backticks as a way of quoting
> identifiers, but PDO is general purpose so it doesn't know about
> MySQL's idiosyncrasies when it tries to parse the statement
> looking for placeholders.

While PDO indeed ignores backtick quoting, it is aware of
backslash escaping, which is non-standard as well (see bug
#79276).

> The only way I could see this being solved is if statement
> parsing was offloaded to the driver instead of being handled by
> vanilla PDO.

That.
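
Added example (not from the bug report and not PHP's own source): a simplified PHP model of the placeholder scan discussed in this thread, showing why the statement from the test script is seen as having one more `?` than the three bound values. The function names and the skipping rules are assumptions made for illustration; PDO's real parser is more involved.

```php
<?php
// Simplified model of positional-placeholder scanning, NOT PDO's actual parser.
// Assumption: '...' and "..." literals are skipped (backslash escapes honoured);
// `...` identifiers are skipped only when $mysqlAware is true.
function countPositionalPlaceholders(string $sql, bool $mysqlAware): int
{
    $quotes = $mysqlAware ? ["'", '"', '`'] : ["'", '"'];
    $count = 0;
    $len = strlen($sql);
    for ($i = 0; $i < $len; $i++) {
        $ch = $sql[$i];
        if (in_array($ch, $quotes, true)) {
            // Advance to the matching closing quote character.
            for ($i++; $i < $len && $sql[$i] !== $ch; $i++) {
                // Backslash escapes apply to string literals, not to backtick identifiers.
                if ($sql[$i] === '\\' && $ch !== '`') {
                    $i++;
                }
            }
        } elseif ($ch === '?') {
            $count++;
        }
    }
    return $count;
}

// True when a '?' inside a backtick-quoted identifier would be counted as a
// placeholder by a scan that does not know about backticks.
function hasPlaceholderInIdentifier(string $sql): bool
{
    return countPositionalPlaceholders($sql, false)
        !== countPositionalPlaceholders($sql, true);
}

// Statement taken from the test script in this report.
$sql = 'INSERT INTO `myTable` (`Id`, `Title`, `Expired?`) VALUES (?, ?, ?)';

printf(
    "generic scan: %d placeholders, backtick-aware scan: %d placeholders\n",
    countPositionalPlaceholders($sql, false),
    countPositionalPlaceholders($sql, true)
);

if (hasPlaceholderInIdentifier($sql)) {
    // The workaround given in this thread: let the MySQL server parse the statement.
    echo "Prepare this statement with PDO::ATTR_EMULATE_PREPARES => false\n";
}
```

A check like this can run over an application's query strings so that affected statements keep using bound parameters, with emulation disabled, rather than being rewritten with string concatenation.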
 
Last updated: Thu Nov 21 13:01:29 2024 UTC