Bug #52489 [Bgs]: PDOStatement::execute() errors when querying for backslash and question mark

untold69 at hotmail dot com Thu, 29 Jul 2010 09:29:42 -0700

Edit report at http://bugs.php.net/bug.php?id=52489&edit=1


 ID:                 52489
 User updated by:    untold69 at hotmail dot com
 Reported by:        untold69 at hotmail dot com
 Summary:            PDOStatement::execute() errors when querying for
                     backslash and question mark
 Status:             Bogus
 Type:               Bug
 Package:            PDO related
 Operating System:   Windows 7
 PHP Version:        5.2.14
 Block user comment: N

 New Comment:

The problem is also specific to the order in which the parameters appear
in the 

statement, for instance this also executes without problem:



$stmt = $pdo->prepare("SELECT * FROM table WHERE column1 = '?' AND
column2 = 

'\'");

$result = $stmt->execute();



So I assume the issue lies in the way PDO parses the SQL statement when
preparing.


Previous Comments:
------------------------------------------------------------------------
[2010-07-29 18:16:31] untold69 at hotmail dot com

The question mark is surrounded by quotes and so should be used as a
literal value 

to query the table column, not as a parameter placeholder.  The exact
same SQL 

statement executes fine when using PDO::query, e.g.



$result = $pdo->query("SELECT * FROM table WHERE column1 = '\' AND
column2 = 

'?'");

------------------------------------------------------------------------
[2010-07-29 17:52:08] [email protected]

Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

Question marks are parameter placeholders.

------------------------------------------------------------------------
[2010-07-29 17:48:29] untold69 at hotmail dot com

Description:
------------
Using PDO to prepare and then execute a statement that queries for a
backslash and 

then a question mark sequentially in two columns generates a warning.

Test script:
---------------
$pdo = new PDO("mssql:dbname=mydb;host=myhost", "myuser",
"mypassword");

$stmt = $pdo->prepare("SELECT * FROM table WHERE column1 = '\' AND
column2 = '?'");

$result = $stmt->execute();

Expected result:
----------------
Array or false.

Actual result:
--------------
Warning: PDOStatement::execute() [pdostatement.execute]:
SQLSTATE[HY093]: Invalid 

parameter number: no parameters were bound in ...


------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=52489&edit=1

Bug #52489 [Bgs]: PDOStatement::execute() errors when querying for backslash and question mark

Reply via email to