Edit report at https://bugs.php.net/bug.php?id=63972&edit=1
ID:                 63972
Updated by:         johan...@php.net
Reported by:        denis dot gasparin at edistar dot com
Summary:            Incorrect escape of query when using PDO::ATTR_EMULATE_PREPARES
-Status:            Open
+Status:            Duplicate
Type:               Bug
Package:            PDO related
Operating System:   Linux
PHP Version:        5.3.20
Block user comment: N
Private report:     N

New Comment:

This is a known limitation in the PDO statement parser.

Previous Comments:
------------------------------------------------------------------------
[2013-01-11 18:14:46] denis dot gasparin at edistar dot com

Description:
------------
I have a table with two varchar fields:

create table test(
  a varchar,
  b varchar
);

When I execute an insert query where the following conditions are met:
- the first field contains a string like this \\''a
- the second field contains a ? character
- the PDO attribute PDO::ATTR_EMULATE_PREPARES is passed to PDO::prepare method

I get the following error:
Invalid parameter number: no parameters were bound in php shell code on line 1

I don't know if the problem is bound to postgresql databases only or other ones.

Test script:
---------------
$db = new PDO("pgsql:host=localhost;port=5432;dbname=test;");
$sql = "insert into test values ('\\''a','?')";
$res = $db->prepare($sql,array(PDO::PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT => 1));
$res->execute();

Expected result:
----------------
The query should be executed correctly

Actual result:
--------------
Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: no parameters were bound in php shell code on line 1

------------------------------------------------------------------------
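The statement from the test script, scanned two ways, as an added example that is not part of the bug report or of PDO's source. It assumes the emulation scanner treats a backslash inside a quoted literal as an escape character, which is consistent with the reported error; `findPlaceholders` is a hypothetical helper. Under that reading the literal boundaries shift and the `?` is counted as a placeholder, while the standard-SQL reading finds none.

```php
<?php
// Added illustration: a simplified model, not PDO's actual scanner.
// Returns the byte offsets of '?' characters that lie outside single-quoted
// literals. $backslashEscapes selects how a backslash inside a literal is
// read: true = it escapes the next byte, false = it is an ordinary character.
function findPlaceholders(string $sql, bool $backslashEscapes): array
{
    $offsets  = [];
    $inString = false;
    $n        = strlen($sql);

    for ($i = 0; $i < $n; $i++) {
        $c = $sql[$i];
        if ($inString) {
            if ($backslashEscapes && $c === '\\' && $i + 1 < $n) {
                $i++;                    // backslash consumes the next byte
            } elseif ($c === "'") {
                if ($i + 1 < $n && $sql[$i + 1] === "'") {
                    $i++;                // doubled quote stays inside the literal
                } else {
                    $inString = false;   // closing quote
                }
            }
        } elseif ($c === "'") {
            $inString = true;            // opening quote
        } elseif ($c === '?') {
            $offsets[] = $i;             // '?' outside any literal
        }
    }
    return $offsets;
}

// The reporter's statement; in PHP source "\\" is a single backslash.
$sql = "insert into test values ('\\''a','?')";

echo "standard SQL reading:     ";
var_dump(findPlaceholders($sql, false));

echo "backslash-escape reading: ";
var_dump(findPlaceholders($sql, true));
```

Passing both values as bound parameters (`insert into test values (?, ?)` with the two strings given to `execute()`) keeps the literals out of the text the scanner has to interpret.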