ID: 43130 Updated by: [EMAIL PROTECTED] Reported By: joel at purerave dot com -Status: Closed +Status: Wont fix Bug Type: PDO related Operating System: Windows XP Home PHP Version: 5.2.4 Assigned To: iliaa New Comment:
The fix for this bug that went into CVS on 29th Oct was reverted on 26th Nov following advice from various database experts. See http://news.php.net/php.cvs/46848, http://news.php.net/php.cvs/47302 and anything else on that thread for details. Previous Comments: ------------------------------------------------------------------------ [2007-10-30 09:51:43] [EMAIL PROTECTED] I disagree with the decision to allow "-" in parameter names. Parameter names should consist of [a-zA-Z] and nothing else. "-" is an operator in most databases. For BC compatibility I'm also fine with the old pattern [:][a-zA-Z0-9_]+ . Though I must say, that I'd prefer [:][a-zA-Z]+[a-zA-Z0-9_]+, don't allow ":0". ":0" looks a bit like "operator" + "number"... However, the underlying problem here is that there is absolutely no specification for PDO. This makes PDO a guessing game and error prone. ------------------------------------------------------------------------ [2007-10-29 22:37:51] [EMAIL PROTECTED] This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. ------------------------------------------------------------------------ [2007-10-29 18:07:00] joel at purerave dot com Description: ------------ Parameters to bind in a prepared statement cannot contain dashes (-) in the name. It probably assumes that "-value" should be another variable. If this cannot be fixed, then at least update the documentation to make it clear what names can and cannot be used. Using {} around the variable name would be nice too! Reproduce code: --------------- $db = new PDO("mysql:host=localhost;dbname=testing", 'xxxx', 'xxxx'); $stmt = $db->prepare("SELECT id FROM testing WHERE id=:id-value"); $stmt->bindParam(':id-value', $id); $id = 1; $stmt->execute(); var_dump($stmt->fetch()); Expected result: ---------------- array(2) { ["id"]=> string(1) "1" [0]=> string(1) "1" } Actual result: -------------- Warning: PDOStatement::execute() [function.PDOStatement-execute]: SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in C:\htdocs\test.php on line 8 bool(false) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=43130&edit=1
