php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #76315 Clarify if colons are actually necessary to bind named placeholders
Submitted: 2018-05-09 09:44 UTC Modified: 2018-05-09 13:27 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: alvaro at demogracia dot com Assigned:
Status: Verified Package: PDO Core
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: alvaro at demogracia dot com
New email:
PHP Version: OS:

 

 [2018-05-09 09:44 UTC] alvaro at demogracia dot com
Description:
------------
All around PDO documentation (e.g. [1]) it's suggested that named placeholders use the ":foo" syntax both in SQL code and in parameter binding code.

The former is obviously true, the latter is unclear. Omitting colons has always seemed to work in several drivers but I don't know if it's a behaviour to trust and it doesn't seem to be mentioned in documentation.

Please also check "What are colons in parameter names used for?" [2] at Stack Overflow.

[1] http://php.net/manual/en/pdostatement.bindvalue.php
[2] https://stackoverflow.com/questions/17386469/pdo-prepared-statement-what-are-colons-in-parameter-names-used-for

Test script:
---------------
<?php
$dbh = new PDO('mysql:host=localhost', 'test', 'test', array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,));

$sth = $dbh->prepare('SELECT :text AS greeting FROM DUAL');
$sth->bindValue('text', 'Hello, World!', PDO::PARAM_STR);
$sth->execute();
var_dump($sth->fetch(PDO::FETCH_ASSOC));


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-05-09 12:50 UTC] requinix@php.net
-Status: Open +Status: Verified
 [2018-05-09 12:50 UTC] requinix@php.net
You're talking specifically about PDOStatement::bindParam/Value, right?

The colon is optional. Internally PDO wants just the plain name so if there is a colon it will be stripped off.
 [2018-05-09 13:22 UTC] alvaro at demogracia dot com
I refer to the overall extension, e.g.:

<?php
$sth = $dbh->prepare('SELECT :text AS greeting FROM DUAL');
$sth->execute(array('text' => 'Hello, World!'));
var_dump($sth->fetch(PDO::FETCH_ASSOC));
?>

... appears to work too despite the respective manual entry [1] showing colons all around.

[1] http://php.net/manual/en/pdostatement.execute.php
 [2018-05-09 13:27 UTC] requinix@php.net
An array to PDOStatement::execute gets bound like it went through bindValue so the deal with colons applies there too.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 21:01:27 2024 UTC