#44639 [Com]: PDO quotes integers in prepared statement

Thu, 12 Jun 2008 06:42:44 -0700 

 ID:               44639
 Comment by:       dobamail at gmail dot com
 Reported By:      jgauld at blueyonder dot co dot uk
 Status:           Open
 Bug Type:         PDO related
 Operating System: WinXP
 PHP Version:      5.2.5
 New Comment:

Hi.
PDO::MySQL
The code:
            $stmt   = $db->prepare('
                SELECT  id, hu_name, ord
                FROM    products
                ORDER BY ord DESC, hu_name
                LIMIT   :offset, :limit
            ');
            $stmt->bindValue(':offset', ($offset*$limit));
            $stmt->bindValue(':limit',  $limit);
            $stmt->execute();
It is work on:
- PHP Version 5.2.0-8+etch11;
- PDO Driver for MySQL, client library version 5.0.32
- MySQL version: 5.0.32-Debian_7etch5-log
Not work on:
- PHP Version 5.2.3-1ubuntu6.3
- PDO Driver for MySQL, client library version 5.0.45
- 5.0.45-Debian_1ubuntu3.3

I hope this help you.
Best regards.


Previous Comments:
------------------------------------------------------------------------

[2008-04-04 15:16:33] jgauld at blueyonder dot co dot uk

Description:
------------
When executing a prepared statement with bound values, any integer
types are seemingly treated as strings and quoted in the final SQL
statement (SQL statements taken from MySQL server log).

I realise I've not used the 'data_type' parameter for the ->bindValue()
method, but according to the PHP manual I shouldn't need to ...

"Explicit data type for the parameter using the PDO::PARAM_* constants.
Defaults to PHP native type."

So the PHP native type in the shown case is an integer - equivalent to
PDO::PARAM_INT, yes?

Reproduce code:
---------------
CREATE TABLE my_db.my_table (
  id int(10) unsigned NOT NULL auto_increment,
  PRIMARY KEY (id)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

<?php
$DB = new PDO('mysql:dbname=my_db;host=localhost', 'user', 'pass');
$stmt = $DB->prepare('select * from my_table where id>?');
$stmt->bindValue(1, 13);
$stmt->execute();
?>

or

<?php
$DB = new PDO('mysql:dbname=my_db;host=localhost', 'user', 'pass');
$stmt = $DB->prepare('select * from my_table where id>?');
$stmt->execute(array(13));
?>

Expected result:
----------------
select * from my_table where id>13

Actual result:
--------------
select * from my_table where id>'13'


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=44639&edit=1

Reply via email to