ID: 35001 Updated by: [EMAIL PROTECTED] Reported By: antleclercq at online dot fr -Status: Open +Status: Feedback Bug Type: PDO related Operating System: Win2000 PHP Version: 5CVS-2005-10-27 (snap) New Comment:
Add var_dump($sql); just before $res->prepare() and paste the output here. Previous Comments: ------------------------------------------------------------------------ [2005-10-27 16:26:11] antleclercq at online dot fr Description: ------------ Hi, I get this stange bug with the following code. I thought it was fixed when I read the bug report: bugs.php.net/?id=34861, but it seems only partially. Create the folowing table in a "test" db under mysql : CREATE TABLE `test` ( `id` int(11) NOT NULL default '0', `test1` text NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8; INSERT INTO `test` VALUES (1, 'test', ''); Using the code below, try posting the following string : x"'"x:a (magic_quotes_gpc is on) I took the latest snapshot for Win2000. Info : that doesn't crash when using $db->exec($sql). Antoine Reproduce code: --------------- <?php if (isset($_POST)) { $string = $_POST["string"]; $db = new PDO("mysql:dbname=test;host=localhost", "##user##", "##password##"); $sql = "UPDATE test SET test1 = '".$string."' WHERE id = '1'"; $res = $db->prepare($sql); $res->execute(); } ?> <form action="" method="POST"> <input type="text" value="<?php if (isset($_POST)){echo $_POST["string"];}?>" name="string"> </form> Expected result: ---------------- It should update the record. Actual result: -------------- Warning: PDOStatement::execute() [function.execute]: SQLSTATE[HY093]: Invalid parameter number: no parameters were bound in C:\Program Files\Apache Group\Apache2\htdocs\test.php on line 16 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=35001&edit=1