Edit report at http://bugs.php.net/bug.php?id=48314&edit=1

 ID:                 48314
 Updated by:         u...@php.net
 Reported by:        vr...@php.net
 Summary:            PDO_MySQL doesn't use prepared statements
 Status:             Open
 Type:               Bug
 Package:            PDO related
 Operating System:   Windows
 PHP Version:        5.2.9
 Block user comment: N

 New Comment:

The sample script works fine with PHP 5.2.15-dev and MySQL 5.1.45-debug.
What could happen in your case is that your server does not support
preparing it and falls back to emulation.


Previous Comments:
------------------------------------------------------------------------
[2009-11-04 19:01:19] u...@php.net

Occasionally I am tempted to bogus any PDO MYSQL character set bug
report I see.

SET NAMES won't be recognized by the client and the wrong character set
will be used for escaping. Adding a DSN option to specify the character
set upon connect and setting it properly through the C API may be only
five lines of code.

But even if that would be implemented we would still have the PDO PS
emulation as a potential pitfall. PDO will call the driver for escaping
bound values and the driver will properly escape the values. But the PDO
SQL parser itself won't care much about the current character set when
searching for placeholders.

------------------------------------------------------------------------
[2009-09-29 21:41:34] u...@php.net

Well, you should not use SET NAMES. It will not change the charset used
for quoting. Currently there is no way to change the charset via an API
call.

Try ext/mysqli...

------------------------------------------------------------------------
[2009-05-18 13:45:30] vr...@php.net

Same result.

------------------------------------------------------------------------
[2009-05-18 13:43:31] johan...@php.net

Try also disabling PDO::ATTR_EMULATE_PREPARES. PHP 5.3 got some
improvements/fixes with PDO_mysql (due to mysqlnd work) not sure if some
parts can be backported.

------------------------------------------------------------------------
[2009-05-18 13:25:17] vr...@php.net

Description:
------------
It seems that PDO_MySQL doesn't use prepared statements even with
disabled PDO::MYSQL_ATTR_DIRECT_QUERY. If the prepared statements would
be used then the binary data passed in the example wouldn't cause a
parse error.

MySQL version: 5.1.26

Reproduce code:
---------------
<?php
$pdo = new PDO("mysql:host=localhost", "ODBC", "");
$pdo->setAttribute(PDO::MYSQL_ATTR_DIRECT_QUERY, false);
$pdo->exec("SET NAMES gbk");
$stmt = $pdo->prepare("SELECT ?");
$stmt->execute(array(chr(0xbf) . chr(0x27)));
print_r($stmt->errorInfo());
?>

Expected result:
----------------
Array
(
    [0] => 00000
)

Actual result:
--------------
Array
(
    [0] => 42000
    [1] => 1064
    [2] => You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near ''¿\''' at line 1
)

------------------------------------------------------------------------
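
Added example (not part of the bug report, and not PHP, PDO or MySQL code): a small Python model of the byte-level effect discussed in this thread, where the bound value is escaped by a client that does not know the connection is gbk and the result is then read as gbk. The function names and the simplified lexer are assumptions made for illustration; the sample values other than the two bytes from the report are constructed.

```python
# Added illustration: a simplified model, not PHP, PDO or MySQL source code.
GBK_LEAD = range(0x81, 0xFF)                             # first byte of a 2-byte GBK char
GBK_TRAIL = [b for b in range(0x40, 0xFF) if b != 0x7F]  # second byte of a 2-byte GBK char


def escape_single_byte(value: bytes) -> bytes:
    """Escape quotes and backslashes byte by byte, as a client does when it
    still assumes a single-byte charset (SET NAMES did not inform it)."""
    out = bytearray()
    for b in value:
        if b in (0x27, 0x5C):          # ' or \
            out.append(0x5C)
        out.append(b)
    return bytes(out)


def quote_survives_in_gbk(escaped: bytes) -> bool:
    """Read the escaped bytes as a gbk-aware lexer would inside a quoted
    literal. True means an unescaped quote is left over (syntax error)."""
    i = 0
    while i < len(escaped):
        b = escaped[i]
        if b in GBK_LEAD and i + 1 < len(escaped) and escaped[i + 1] in GBK_TRAIL:
            i += 2                     # one 2-byte char, even if its 2nd byte is 0x5c
        elif b == 0x5C:
            i += 2                     # backslash escape: skip the escaped byte
        elif b == 0x27:
            return True
        else:
            i += 1
    return False


def check(value: bytes) -> dict:
    """Escape a value and report whether the gbk reading breaks the quoting."""
    escaped = escape_single_byte(value)
    return {"escaped": escaped.hex(), "broken": quote_survives_in_gbk(escaped)}


if __name__ == "__main__":
    samples = {
        "bytes from the report": bytes([0xBF, 0x27]),
        "ascii with a quote (constructed)": b"O'Reilly",
        "valid gbk with a quote (constructed)": "\u4e2d'\u6587".encode("gbk"),
    }
    for name, value in samples.items():
        print(name, check(value))
```

Only the two bytes from the report come out broken: the inserted backslash is absorbed as the second byte of a gbk character, which matches the `¿\'` fragment in the 1064 error above. The mismatch goes away when the client library knows the connection charset or when the value travels through a native server-side prepared statement, the two directions the comments discuss.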


