ID: 44639
Comment by: nathan dot h at makemeheal dot com
Reported By: jgauld at blueyonder dot co dot uk
Status: Open
Bug Type: PDO related
Operating System: *
PHP Version: 5.*
New Comment:
Has this been fixed?
Interestingly, if you put value directly:
$fetchPictures->bindValue(':skip', 0, PDO::PARAM_INT);
this works.
But if I do
$fetchPictures->bindValue(':skip', trim($_GET['skip']),
PDO::PARAM_INT);
It doesn't work.
Also, for some reason I don't have issues with this one:
$fetchPictures->bindValue(':max', $max, PDO::PARAM_INT);
Previous Comments:
------------------------------------------------------------------------
[2009-11-19 22:04:21] [email protected]
Fixed invalid version. Please don't invent your own strings there. It
needs to start always with the major version number..
------------------------------------------------------------------------
[2009-10-25 19:29:28] mailmichael at yahoo dot com
Ran into same issue. Relatively new to php and mysql.
It seems PDOStatement wants to bind values as strings, even overriding
the explicit data type! It seems the safest way to use PDOStatements
with integers is to use bindValue, intval() for value and PDO::PARAM_INT
for explicit data type:
$pdoStmt->bindValue(':limit', intval($limit_value), PDO::PARAM_INT);
Here is my test code:
<?
echo phpversion();
$pdoh = new PDO('mysql:host=localhost');
$pdoh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
$pdoStmt = $pdoh->prepare('SELECT 1 LIMIT :limit');
$pdoStmt->execute(Array(':limit' => 0));
$pdoStmt->bindValue(':limit', 0);
$pdoStmt->execute();
$pdoStmt->bindValue(':limit', '0', PDO::PARAM_INT);
$pdoStmt->execute();
?>
5.2.6-3ubuntu4.2
( ! ) Warning: PDOStatement::execute() [pdostatement.execute]:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an
error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near ''0'' at line 1 in
pdotest.php on line 6
( ! ) Warning: PDOStatement::execute() [pdostatement.execute]:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an
error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near ''0'' at line 1 in
pdotest.php on line 8
( ! ) Warning: PDOStatement::execute() [pdostatement.execute]:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an
error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near ''0'' at line 1 in
pdotest.php on line 10
------------------------------------------------------------------------
[2009-09-24 09:03:55] [email protected]
Related reports: http://bugs.php.net/bug.php?id=49651 ,
http://bugs.php.net/49381
------------------------------------------------------------------------
[2009-09-22 21:18:23] [email protected]
The third parameter to bindValue defaults to PDO::PARAM_STR. This is
different than the original bug reporter said, so it must be changed in
the meantime. Because the datatype is PDO::PARAM_STR, the int is cast to
a string and quoted.
It would make sense to use the PHP type to determine the most logical
PDO::PARAM_* type. See also bug #44597, which is essentially the same
problem but with booleans and execute() instead of bindValue().
------------------------------------------------------------------------
[2009-08-17 17:38:15] [email protected]
But you didn't bother updating the version field. Done now..
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/44639
--
Edit this bug report at http://bugs.php.net/?id=44639&edit=1
