[PHP-BUG] Bug #63972 [NEW]: Incorrect escape of query when using PDO::ATTR_EMULATE_PREPARES

Fri, 11 Jan 2013 10:14:58 -0800 

From:             denis dot gasparin at edistar dot com
Operating system: Linux
PHP version:      5.3.20
Package:          PDO related
Bug Type:         Bug
Bug description:Incorrect escape of query when using PDO::ATTR_EMULATE_PREPARES

Description:
------------
I have a table with two varchar fields:

create table test(
a varchar,
b varchar
);

When I execute an insert query where the following conditions are met:
- the first field contains a string like this \\''a
- the second field containts a ? character
- the PDO attribute PDO::ATTR_EMULATE_PREPARES is passed to PDO::prepare
method

I get the following error:

Invalid parameter number: no parameters were bound in php shell code on
line 1

I don't know if the problem is bound to postgresql databases only or other
ones.



Test script:
---------------
$db = new PDO("pgsql:host=localhost;port=5432;dbname=test;");
$sql = "insert into test values ('\\''a','?')";
$res =
$db->prepare($sql,array(PDO::PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT
=> 1));
$res->execute();





Expected result:
----------------
The query should be executed correctly

Actual result:
--------------
Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter
number: no 
parameters were bound in php shell code on line 1

-- 
Edit bug report at https://bugs.php.net/bug.php?id=63972&edit=1
-- 
Try a snapshot (PHP 5.4):   
https://bugs.php.net/fix.php?id=63972&r=trysnapshot54
Try a snapshot (PHP 5.3):   
https://bugs.php.net/fix.php?id=63972&r=trysnapshot53
Try a snapshot (trunk):     
https://bugs.php.net/fix.php?id=63972&r=trysnapshottrunk
Fixed in SVN:               https://bugs.php.net/fix.php?id=63972&r=fixed
Fixed in release:           https://bugs.php.net/fix.php?id=63972&r=alreadyfixed
Need backtrace:             https://bugs.php.net/fix.php?id=63972&r=needtrace
Need Reproduce Script:      https://bugs.php.net/fix.php?id=63972&r=needscript
Try newer version:          https://bugs.php.net/fix.php?id=63972&r=oldversion
Not developer issue:        https://bugs.php.net/fix.php?id=63972&r=support
Expected behavior:          https://bugs.php.net/fix.php?id=63972&r=notwrong
Not enough info:            
https://bugs.php.net/fix.php?id=63972&r=notenoughinfo
Submitted twice:            
https://bugs.php.net/fix.php?id=63972&r=submittedtwice
register_globals:           https://bugs.php.net/fix.php?id=63972&r=globals
PHP 4 support discontinued: https://bugs.php.net/fix.php?id=63972&r=php4
Daylight Savings:           https://bugs.php.net/fix.php?id=63972&r=dst
IIS Stability:              https://bugs.php.net/fix.php?id=63972&r=isapi
Install GNU Sed:            https://bugs.php.net/fix.php?id=63972&r=gnused
Floating point limitations: https://bugs.php.net/fix.php?id=63972&r=float
No Zend Extensions:         https://bugs.php.net/fix.php?id=63972&r=nozend
MySQL Configuration Error:  https://bugs.php.net/fix.php?id=63972&r=mysqlcfg

Reply via email to