ID: 48856 User updated by: dhammari at q90 dot com Reported By: dhammari at q90 dot com Status: Assigned Bug Type: PDO related Operating System: Linux 2.6.27-gentoo-r8 PHP Version: 5.2.10 Assigned To: dbs New Comment:
Hi Bjori, It seems to me that the ability to use the same token for multiple binds has arisen fairly recently. I recall earlier releases of php 5 berating me for attempting to reuse a token in this manner as recently as several months ago. I have looked up documentation on this behavior before, and the articles I have found seem adamant that multiple binding from a single token should be disallowed. For example, please take a look at these previous bug reports from 2005 and 2007: http://bugs.php.net/bug.php?id=33886 http://bugs.php.net/bug.php?id=40417 The discussions in these articles seem to reach a consensus that every time a variable in a prepared PDO statement is bound, it should be bound to a unique token. While I think it is useful to bind multiple parameters to a single token, I don't want to start writing code that relies on this feature until I am assured that this is the intended behavior. Otherwise, my code would not be future proof and could be invalidated by an upcoming release. I would appreciate it if you could clarify the intended behavior and update php's documentation accordingly. Sincerely, Dan Hammari Previous Comments: ------------------------------------------------------------------------ [2009-09-23 17:29:56] bj...@php.net No idea. Its been like this for almost 4years.. Dan? Was this originally a limitation in PDO? ------------------------------------------------------------------------ [2009-09-23 16:17:57] sjo...@php.net Bjori, do you know why this was in the documentation? ------------------------------------------------------------------------ [2009-07-08 20:04:01] dhammari at q90 dot com Description: ------------ My PDO Statement seems to bind multiple parameters of the same name even though the PDO->Prepare documentation indicates that this should fail: "You cannot use a named parameter marker of the same name twice in a prepared statement." Nevertheless, my SQL statement that is reusing the same parameter is getting through and returning a valid result set from a MySQL engine. PHP Version: 5.2.9-pl2-gentoo System: Linux 2.6.27-gentoo-r8 Reproduce code: --------------- <?php // CREATE TABLE `testError` (`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY , `Name` VARCHAR( 50 ) NOT NULL , `Description` TEXT NOT NULL); // INSERT INTO `testError` (`id` , `Name` , `Description`) VALUES ('1', 'Binds Both Parameters', 'Seems to bind both parameters'), ('2', 'Binds All Parameters', 'Seems to bind all parameters'); $pdo = new PDO($_SESSION["API_DB_dsn"], $_SESSION["API_DB_username"], $_SESSION["API_DB_password"]); $sql = "SELECT * FROM testError WHERE id >= :myParameter AND LENGTH(name) > :myParameter AND 1 = :myParameter"; $params = array("myParameter" => 1); $statement = $pdo->prepare($sql); foreach($params as $key => $value){ $statement->bindParam(":".$key, $value); } $statement->debugDumpParams(); $success = $statement->execute(); if(!$success){ echo("\n<p style='color:red;'>SQL FAILED</p>\n"); var_dump($pdo->errorInfo()); var_dump($statement->errorInfo()); } else{ echo("\n<p style='color:green;'>SQL SUCCEEDED</p>\n"); $result = $statement->fetchALL(PDO::FETCH_ASSOC); var_dump($result); } ?> Expected result: ---------------- I expect to see the following error: Invalid parameter number: number of bound variables does not match number of tokens SQL FAILED array 0 => string '00000' (length=5) array 0 => string 'HY093' (length=5) Actual result: -------------- Instead, I get the following: SQL SUCCEEDED array 0 => array 'id' => string '1' (length=1) 'Name' => string 'Binds Both Parameters' (length=21) 'Description' => string 'Seems to bind both parameters' (length=29) 1 => array 'id' => string '2' (length=1) 'Name' => string 'Binds All Parameters' (length=20) 'Description' => string 'Seems to bind all parameters' (length=28) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=48856&edit=1
