ID: 44597 Updated by: [email protected] Reported By: kenaniah at gmail dot com Status: Open Bug Type: PDO related Operating System: Red Hat 4.1.1 PHP Version: 5.2.6 New Comment:
It is a bad idea to determine the PDO type from the PHP type. First, it would break existing scripts which assume false is cast to an empty string, like this: $a[] = strstr($foo, $bar); // may return false $pdo->execute($a); Secondly, the correct type to use is the type of the column, not the type of the PHP parameter. Consider the following query: SELECT * FROM foo WHERE a=? If a is a boolean, the parameter to execute() or bindBaram() should be converted to a boolean, no matter what the type of the passed parameter is. Finally, one of PHP features is that it dynamically changes types. The type of a variable should be transparent to the user. Therefore, the behavior of a function should not change when it is passed another type. To solve this, you should always specify the PDO type. Only the programmer knows which types the column in the query have, PHP can not determine this automatically. Previous Comments: ------------------------------------------------------------------------ [2009-09-22 18:31:34] [email protected] Currently, every variable is assumed to be PDO_PARAM_STR. This patch changes this to PDO_PARAM_INT or PDO_PARAM_BOOL if the passed variable is a long or a bool, respectively. http://www.gissen.nl/files/bug44597.patch This may break existing scripts, which depend on false being converted to an empty string. ------------------------------------------------------------------------ [2009-09-21 19:48:55] kenaniah at gmail dot com In response to sjoerd, this may very well be a product of bad documentation, but that does not exclude the functional use case. One could reasonably claim that proper detection of parameter types should in fact be part of the functional definition of execute(). Virtually every database interface built on top of PDO works around this boolean "bug" and allows support for mixed content in the parameter array to a prepared statement. IMHO, the PDO core should therefore be no different. Whether classified as a bug or a feature, I believe that this should still be addressed. ------------------------------------------------------------------------ [2009-09-21 19:18:21] [email protected] I think this is not a bug but a limitation of execute(): it assumes the values in the array are string. If you want it interpreted differently, you should call bindParam() with a data_type parameter. I filed Bug #49614 "PDOStatement::execute assumes string values in array" to clarify the documentation. ------------------------------------------------------------------------ [2009-09-13 20:55:01] kenaniah at gmail dot com This is still reproducible on 5.3.0 paired with PG 8.x ------------------------------------------------------------------------ [2009-09-13 19:08:46] ant at specialops dot ath dot cx I can still reproduce this on PHP 5.3.0 and PostgreSQL 8.4.1. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/44597 -- Edit this bug report at http://bugs.php.net/?id=44597&edit=1
