#49381 [NEW]: PDO mysql prepare incorrectly quoting

Wed, 26 Aug 2009 20:31:15 -0700 

From:             eprayner at gmail dot com
Operating system: Linux
PHP version:      5.2SVN-2009-08-27 (SVN)
PHP Bug Type:     PDO related
Bug description:  PDO mysql prepare incorrectly quoting

Description:
------------
When using PDO prepare for mysql, quotes are incorrectly inserted around
column names, resulting in errors or unexpected results.  This problem
would have been _much_ easier to diagonise if there was a way of seeing the
actual statement.  Something like:
$string PDOStatement::executeString()---returns the statement that would
have been executed by PDOStatement::execute().

Reproduce code:
---------------
//given a mysql connection $pdo
//and a database table 'myTable' with columns: id, col1, col2, col3
//with a row: 1, value1, value2, value3.

$stmt=$pdo->prepare("SELECT ? FROM myTable WHERE id=?");
$myColumn = 'col1';
$stmt->execute(array($myColumn, 1));
$row=$stmt->fetch();
print_r($row);

Expected result:
----------------
I'd expect to see: "value1" displayed, as you'd expect for the statement:
"SELECT col1 FROM myTable WHERE id=1"

Actual result:
--------------
What is displayed is: "col1", as you'd expect for the statement:
"SELECT 'col1' FROM myTable WHERE id=1"

Other statements result in errors.  Example:
$stmt=$pdo->prepare("UPDATE myTable SET ?=? WHERE id=?");
$stmt->execute(array($myColumn, $myValue, $myId));

is a syntax error, as is the SQL:
UPDATE myTable SET 'col1'=3 WHERE id=1;

This problem means that I cant use prepare and execute statements at all.

-- 
Edit bug report at http://bugs.php.net/?id=49381&edit=1
-- 
Try a snapshot (PHP 5.2):            
http://bugs.php.net/fix.php?id=49381&r=trysnapshot52
Try a snapshot (PHP 5.3):            
http://bugs.php.net/fix.php?id=49381&r=trysnapshot53
Try a snapshot (PHP 6.0):            
http://bugs.php.net/fix.php?id=49381&r=trysnapshot60
Fixed in SVN:                        
http://bugs.php.net/fix.php?id=49381&r=fixed
Fixed in SVN and need be documented: 
http://bugs.php.net/fix.php?id=49381&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=49381&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=49381&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=49381&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=49381&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=49381&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=49381&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=49381&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=49381&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=49381&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=49381&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=49381&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=49381&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=49381&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=49381&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=49381&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=49381&r=mysqlcfg

Reply via email to