From: dhammari at q90 dot com
Operating system: Linux 2.6.27-gentoo-r8
PHP version: 5.2.10
PHP Bug Type: PDO related
Bug description: PDO_Statement->bindParam binds multiple parameters of the
same name
Description:
------------
My PDO Statement seems to bind multiple parameters of the same name even
though the PDO->Prepare documentation indicates that this should fail: "You
cannot use a named parameter marker of the same name twice in a prepared
statement." Nevertheless, my SQL statement that is reusing the same
parameter is getting through and returning a valid result set from a MySQL
engine.
PHP Version: 5.2.9-pl2-gentoo
System: Linux 2.6.27-gentoo-r8
Reproduce code:
---------------
<?php
// CREATE TABLE `testError` (`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY
, `Name` VARCHAR( 50 ) NOT NULL , `Description` TEXT NOT NULL);
// INSERT INTO `testError` (`id` , `Name` , `Description`) VALUES ('1',
'Binds Both Parameters', 'Seems to bind both parameters'), ('2', 'Binds All
Parameters', 'Seems to bind all parameters');
$pdo = new PDO($_SESSION["API_DB_dsn"], $_SESSION["API_DB_username"],
$_SESSION["API_DB_password"]);
$sql = "SELECT * FROM testError WHERE id >= :myParameter AND
LENGTH(name) > :myParameter AND 1 = :myParameter";
$params = array("myParameter" => 1);
$statement = $pdo->prepare($sql);
foreach($params as $key => $value){
$statement->bindParam(":".$key, $value);
}
$statement->debugDumpParams();
$success = $statement->execute();
if(!$success){
echo("\n<p style='color:red;'>SQL FAILED</p>\n");
var_dump($pdo->errorInfo());
var_dump($statement->errorInfo());
}
else{
echo("\n<p style='color:green;'>SQL SUCCEEDED</p>\n");
$result = $statement->fetchALL(PDO::FETCH_ASSOC);
var_dump($result);
}
?>
Expected result:
----------------
I expect to see the following error:
Invalid parameter number: number of bound variables does not match number
of tokens
SQL FAILED
array
0 => string '00000' (length=5)
array
0 => string 'HY093' (length=5)
Actual result:
--------------
Instead, I get the following:
SQL SUCCEEDED
array
0 =>
array
'id' => string '1' (length=1)
'Name' => string 'Binds Both Parameters' (length=21)
'Description' => string 'Seems to bind both parameters' (length=29)
1 =>
array
'id' => string '2' (length=1)
'Name' => string 'Binds All Parameters' (length=20)
'Description' => string 'Seems to bind all parameters' (length=28)
--
Edit bug report at http://bugs.php.net/?id=48856&edit=1
--
Try a CVS snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=48856&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=48856&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=48856&r=trysnapshot60
Fixed in CVS:
http://bugs.php.net/fix.php?id=48856&r=fixedcvs
Fixed in CVS and need be documented:
http://bugs.php.net/fix.php?id=48856&r=needdocs
Fixed in release:
http://bugs.php.net/fix.php?id=48856&r=alreadyfixed
Need backtrace:
http://bugs.php.net/fix.php?id=48856&r=needtrace
Need Reproduce Script:
http://bugs.php.net/fix.php?id=48856&r=needscript
Try newer version:
http://bugs.php.net/fix.php?id=48856&r=oldversion
Not developer issue:
http://bugs.php.net/fix.php?id=48856&r=support
Expected behavior:
http://bugs.php.net/fix.php?id=48856&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=48856&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=48856&r=submittedtwice
register_globals:
http://bugs.php.net/fix.php?id=48856&r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=48856&r=php4
Daylight Savings: http://bugs.php.net/fix.php?id=48856&r=dst
IIS Stability:
http://bugs.php.net/fix.php?id=48856&r=isapi
Install GNU Sed:
http://bugs.php.net/fix.php?id=48856&r=gnused
Floating point limitations:
http://bugs.php.net/fix.php?id=48856&r=float
No Zend Extensions:
http://bugs.php.net/fix.php?id=48856&r=nozend
MySQL Configuration Error:
http://bugs.php.net/fix.php?id=48856&r=mysqlcfg
