From: om at viazenetti dot de Operating system: Linux PHP version: 5.2.5 PHP Bug Type: PDO related Bug description: Question mark and an escaped singel quote lead to an exception
Description: ------------ If a question mark and an escaped singel quote appear in a where statement as value, the PDO method prepare tries to bind a value to the question mark. Because no values are passed, pdo throws an exception (Only tested with where statements): PDOStatement::execute() [function.PDOStatement-execute]: SQLSTATE[HY093]: Invalid parameter number: no parameters were bound in Reproduce code: --------------- <?php $db = new PDO('mysql:host=localhost;dbname=DATABASE', 'USER', 'PASSWORD'); $sth = $db->prepare("SELECT * FROM `TABLE` WHERE (login = '?\'')"); $sth->execute(); var_dump($sth->fetch()); Expected result: ---------------- Array or false Actual result: -------------- Exception: PDOStatement::execute() [function.PDOStatement-execute]: SQLSTATE[HY093]: Invalid parameter number: no parameters were bound in -- Edit bug report at http://bugs.php.net/?id=44251&edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=44251&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=44251&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=44251&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=44251&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=44251&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=44251&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=44251&r=needscript Try newer version: http://bugs.php.net/fix.php?id=44251&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=44251&r=support Expected behavior: http://bugs.php.net/fix.php?id=44251&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=44251&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=44251&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=44251&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=44251&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=44251&r=dst IIS Stability: http://bugs.php.net/fix.php?id=44251&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=44251&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=44251&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=44251&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=44251&r=mysqlcfg