#39483 [Asn]: Problem with using placeholders and string constants in PDO MySQL

Tue, 14 Nov 2006 10:44:02 -0800 

 ID:               39483
 User updated by:  suhachov at gmail dot com
 Reported By:      suhachov at gmail dot com
 Status:           Assigned
 Bug Type:         PDO related
 Operating System: Linux
 PHP Version:      5.2.0
 Assigned To:      wez
 New Comment:

I suggest you some patch to fix this problem:

pdo_sql_parser.re:
        (["] (ESCQQ|ANYNOEOF\[\\"])* ["])      { RET(PDO_PARSER_TEXT);
}
        (['] (ESCQ|ANYNOEOF\[\\'])* ['])       { RET(PDO_PARSER_TEXT);
}
replace with:
        (["] (ESCQQ|[\\]ANYNOEOF|ANYNOEOF\[\\"])* ["])      {
RET(PDO_PARSER_TEXT); }
        (['] (ESCQ|[\\]ANYNOEOF|ANYNOEOF\[\\'])* ['])       {
RET(PDO_PARSER_TEXT); }

(i.e. allow any symbol escaped with backslash). 
I've regenerated parser and it seems working now...


Previous Comments:
------------------------------------------------------------------------

[2006-11-12 18:11:56] suhachov at gmail dot com

Oh! I've forgot to note: when I compile pdo_mysql with 5.0 libraries, I
get this error. When I compile it with 4.1 libraries, I get another
error, but at the same place.

------------------------------------------------------------------------

[2006-11-12 18:05:35] suhachov at gmail dot com

I've tried it with:
5.0.26
4.1.15

------------------------------------------------------------------------

[2006-11-12 17:56:36] [EMAIL PROTECTED]

which version of MySQL are you using?

------------------------------------------------------------------------

[2006-11-12 16:23:41] suhachov at gmail dot com

Description:
------------
It seems that PDO sql parser is broken and tries to look for
placeholders within string constants.

$dbh = new PDO('mysql:...','...','...');
$sth = $dbh->prepare('SELECT my_udf(\'\0:D\0\'),?');
$sth->execute(array(1));

This code triggers an error:
PDO::prepare(): SQLSTATE[HY093]: Invalid parameter number: mixed named
and positional parameters

And I can't replace string constant with placeholder, because MySQL
doesn't allows to use placeholders with UDFs.

Reproduce code:
---------------
see above.
You even don't need any installed UDF.



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=39483&edit=1

Reply via email to