Test script:

<?php
$pdo = new PDO($dsn, $user, $pass);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec("DROP TABLE bug74186");
$pdo->exec("CREATE TABLE bug74186 (col VARCHAR(10))");
$pdo->exec("INSERT INTO bug74186 VALUES ('something')");

$stmt = $pdo->prepare("SELECT * FROM bug74186 WHERE col = ?");
var_dump($stmt->execute([str_repeat("0123456789", 27)]));
?>

Fails with: SQLSTATE[HY010]: Function sequence error.

The problem is that we're binding the parameter[1] with the proper
ColumnSize (aka. precision) of 10[1], but then putting data into
the parameter[2] which exceeds that column size.  The ODBC Driver
for SQL Server (and maybe others as well, but not, for instance,
the MySQL ODBC 8.0 Unicode Driver; according to the ODBC
Specification 3.8 either behavior seems to be conforming) is picky
about that, and SQLPutData() actually fails with [22001] String
data, right truncation; we don't catch that error, but go on
calling SQLParamData() again, what triggers the [HY010] Function
sequence error.

The same issue occurs also if the user prepares respective DML
queries.

It is not clear *how* we should solve this.  We could either be
strict about the length of bound parameters and reject these right
away, or we could be more liberal for strict drivers by silently
truncating the parameter values.  The latter would not break BC,
but might be regarded the wrong behavior.

[1] <https://github.com/php/php-src/blob/php-7.3.23/ext/pdo_odbc/odbc_stmt.c#L379-L386>
[2] <https://github.com/php/php-src/blob/php-7.3.23/ext/pdo_odbc/odbc_stmt.c#L200-L201>

Closing in favor of <https://github.com/php/php-src/issues/9372>.