#48856 [Fbk->Asn]: PDO_Statement->bindParam binds multiple parameters of the same name

Wed, 23 Sep 2009 10:30:10 -0700 

 ID:               48856
 Updated by:       bj...@php.net
 Reported By:      dhammari at q90 dot com
-Status:           Feedback
+Status:           Assigned
 Bug Type:         PDO related
 Operating System: Linux 2.6.27-gentoo-r8
 PHP Version:      5.2.10
-Assigned To:      bjori
+Assigned To:      dbs
 New Comment:

No idea. Its been like this for almost 4years..
Dan? Was this originally a limitation in PDO?


Previous Comments:
------------------------------------------------------------------------

[2009-09-23 16:17:57] sjo...@php.net

Bjori, do you know why this was in the documentation?

------------------------------------------------------------------------

[2009-07-08 20:04:01] dhammari at q90 dot com

Description:
------------
My PDO Statement seems to bind multiple parameters of the same name
even though the PDO->Prepare documentation indicates that this should
fail: "You cannot use a named parameter marker of the same name twice in
a prepared statement." Nevertheless, my SQL statement that is reusing
the same parameter is getting through and returning a valid result set
from a MySQL engine.

PHP Version: 5.2.9-pl2-gentoo
System: Linux 2.6.27-gentoo-r8

Reproduce code:
---------------
<?php

// CREATE TABLE `testError` (`id` INT NOT NULL AUTO_INCREMENT PRIMARY
KEY , `Name` VARCHAR( 50 ) NOT NULL , `Description` TEXT NOT NULL);
// INSERT INTO `testError` (`id` , `Name` , `Description`) VALUES ('1',
'Binds Both Parameters', 'Seems to bind both parameters'), ('2', 'Binds
All Parameters', 'Seems to bind all parameters');
    
    $pdo = new PDO($_SESSION["API_DB_dsn"],
$_SESSION["API_DB_username"], $_SESSION["API_DB_password"]);
    $sql = "SELECT * FROM testError WHERE id >= :myParameter AND
LENGTH(name) > :myParameter AND 1 = :myParameter";
    $params = array("myParameter" => 1);
    $statement = $pdo->prepare($sql);
    foreach($params as $key => $value){
        $statement->bindParam(":".$key, $value);
    }
    $statement->debugDumpParams();
    $success = $statement->execute();
    if(!$success){
        echo("\n<p style='color:red;'>SQL FAILED</p>\n");
        var_dump($pdo->errorInfo());
        var_dump($statement->errorInfo());
    }
    else{
        echo("\n<p style='color:green;'>SQL SUCCEEDED</p>\n");
        $result = $statement->fetchALL(PDO::FETCH_ASSOC);
        var_dump($result);
    }

?>

Expected result:
----------------
I expect to see the following error:

Invalid parameter number: number of bound variables does not match
number of tokens

SQL FAILED

array
  0 => string '00000' (length=5)

array
  0 => string 'HY093' (length=5)


Actual result:
--------------
Instead, I get the following:

SQL SUCCEEDED

array
  0 => 
    array
      'id' => string '1' (length=1)
      'Name' => string 'Binds Both Parameters' (length=21)
      'Description' => string 'Seems to bind both parameters'
(length=29)
  1 => 
    array
      'id' => string '2' (length=1)
      'Name' => string 'Binds All Parameters' (length=20)
      'Description' => string 'Seems to bind all parameters'
(length=28)



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=48856&edit=1

Reply via email to