|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2020-12-11 15:26 UTC] nikic@php.net
-Status: Open
+Status: Duplicate
[2020-12-11 15:26 UTC] nikic@php.net
|
|||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Fri Oct 31 20:00:01 2025 UTC |
Description: ------------ When using ERRMODE_EXCEPTION, a call to execute() with *more values* than parameters does not throw an exception. The call fails with false. The query is not executed by the db. The docs of execute() states: "Binding more values than specified is not possible; if more keys exist in input_parameters than in the SQL specified in the PDO::prepare(), then the statement will fail and an error is emitted." I've tested this with Mysqlnd. Test script: --------------- $host = ''; $db = ''; $user = ''; $pass = ''; $options = [ PDO::ATTR_EMULATE_PREPARES => false, /* required */ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, ]; $pdo = new PDO("mysql:host=$host; dbname=$db; charset=utf8mb4", $user, $pass, $options); $stmt = $pdo->prepare('select ? a, ? b'); try { var_dump($stmt->execute([0]), $stmt->fetchAll(PDO::FETCH_ASSOC)); } catch (Throwable $error) { echo $error->getMessage() . "\n"; } var_dump($stmt->execute([0, 1]), $stmt->fetchAll(PDO::FETCH_ASSOC)); try { var_dump($stmt->execute([0, 1, 2]), $stmt->fetchAll(PDO::FETCH_ASSOC)); } catch (Throwable $error) { echo $error->getMessage() . "\n"; } Expected result: ---------------- I expect both execute() with the wrong number of values to throw an exception. Actual result: -------------- The last execute() fails with false and does not throw an exception. Output from the test script: SQLSTATE[HY093]: Invalid parameter number bool(true) array(1) { [0]=> array(2) { ["a"]=> string(1) "0" ["b"]=> string(1) "1" } } bool(false) array(0) { }