ID: 35795 Updated by: [EMAIL PROTECTED] Reported By: spaze-bugs at exploited dot cz -Status: Open +Status: Bogus Bug Type: PDO related PHP Version: 5.1.1 New Comment:
When you issue queries that change the database session environment like that, PDO has no way to know what you've done without performing all kinds of checks on each query. There's no reason to slow down the common case for everyone else. All your problems are solved by using real prepared statements, where explicit quoting is not required. Previous Comments: ------------------------------------------------------------------------ [2005-12-24 18:58:36] spaze-bugs at exploited dot cz Description: ------------ I'm running MySQL in ANSI SQL mode [1], which includes the ANSI_QUOTES mode. That means /Treat " as an identifier quote character (like the ` quote character) and not as a string quote character./ When I use ie. prepared statements I get these queries in the general query log INSERT INTO "t_images" ("hash", "width", "height", "imageformat_id") VALUES ("ff2204530628d3c589843ef0b37d344a", "500", "500", NULL) Which is bad, the strings (the hash) in the VALUES (...) section should be quoted by the ' character. Don't know what would be the best solution, but I think some documented MySQL specific PDO attribute would be Ok. Thanks for reviewing this issue. [1] http://dev.mysql.com/doc/refman/4.1/en/server-sql-mode.html Reproduce code: --------------- $dbh = new PDO('mysql:host=mysql41;dbname=test', 'root', ''); $dbh->exec("SET SESSION sql_mode='ANSI'"); echo $dbh->quote('foo'); Expected result: ---------------- 'foo' Actual result: -------------- "foo" ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=35795&edit=1