ID: 49381 User updated by: eprayner at gmail dot com Reported By: eprayner at gmail dot com Status: Open Bug Type: PDO related Operating System: Linux PHP Version: 5.2SVN-2009-08-27 (SVN) New Comment:
OK. At http://dev.mysql.com/doc/refman/5.1/en/prepare.html it says 'Parameter markers can be used only where data values should appear, not for SQL keywords, identifiers, and so forth.' So either this is a restriction for php PDOs, in which case it should be explained in the documentation, or it is a problem with php's 'PDO prepared statement emulation parser', as you say. It is nice to know, at least, that even if php PDOs were 'improved' to handle 'column parameter markers', there would be no efficiency payoff (with mysql at least). Previous Comments: ------------------------------------------------------------------------ [2009-09-18 08:19:53] u...@php.net It is not a MySQL bug. MySQL native prepared statements to not support using bind variables as identifiers. http://dev.mysql.com/doc/refman/5.1/en/prepare.html At most it is a bug of the PDO prepared statement emulation parser. ------------------------------------------------------------------------ [2009-08-27 03:35:02] eprayner at gmail dot com MYSQL Server version: 5.0.67-0ubuntu6 (Ubuntu) >From reading other bugs, I'm beginning to think this is a MySQL bug, rather than a PHP bug. ------------------------------------------------------------------------ [2009-08-27 03:31:03] eprayner at gmail dot com Description: ------------ When using PDO prepare for mysql, quotes are incorrectly inserted around column names, resulting in errors or unexpected results. This problem would have been _much_ easier to diagonise if there was a way of seeing the actual statement. Something like: $string PDOStatement::executeString()---returns the statement that would have been executed by PDOStatement::execute(). Reproduce code: --------------- //given a mysql connection $pdo //and a database table 'myTable' with columns: id, col1, col2, col3 //with a row: 1, value1, value2, value3. $stmt=$pdo->prepare("SELECT ? FROM myTable WHERE id=?"); $myColumn = 'col1'; $stmt->execute(array($myColumn, 1)); $row=$stmt->fetch(); print_r($row); Expected result: ---------------- I'd expect to see: "value1" displayed, as you'd expect for the statement: "SELECT col1 FROM myTable WHERE id=1" Actual result: -------------- What is displayed is: "col1", as you'd expect for the statement: "SELECT 'col1' FROM myTable WHERE id=1" Other statements result in errors. Example: $stmt=$pdo->prepare("UPDATE myTable SET ?=? WHERE id=?"); $stmt->execute(array($myColumn, $myValue, $myId)); is a syntax error, as is the SQL: UPDATE myTable SET 'col1'=3 WHERE id=1; This problem means that I cant use prepare and execute statements at all. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=49381&edit=1
