Edit report at https://bugs.php.net/bug.php?id=49651&edit=1
ID: 49651 Comment by: alvaro at demogracia dot com Reported by: mmarais at centrapel dot com Summary: "IN" statment badly handled in bindValue Status: Closed Type: Bug Package: PDO related Operating System: Linux version 2.6.18-6-686 (Debi PHP Version: 5.2.11 Block user comment: N Private report: N New Comment: IMHO: not dupe, just invalid. You can't use one place-holder to inject six parameters. Previous Comments: ------------------------------------------------------------------------ [2009-09-24 09:02:47] u...@php.net Closing because it is a duplicate of http://bugs.php.net/bug.php?id=44639 . Please follow up in the other bug report. A workaround is to specify the type of the parameter explicitly. ------------------------------------------------------------------------ [2009-09-24 08:48:18] mmarais at centrapel dot com Description: ------------ Using named paramters with the "IN" statement does not work correctly. Is a list is used as a parameter with bindValue this list is interpreted as a quoted string in the sql command Reproduce code: --------------- $arrEmployees = array(1,2,3,4,5,6); $strSQL = " SELECT id, name FROM employees WHERE id in (:my_list); "; $objPDOStatement = $objPDO->prepare($strSQL); $objPDOStatement -> bindValue(':my_list', implode(',', $arrEmployees)); $objPDOStatement -> execute(); Expected result: ---------------- -------------- id | name -------------- 1 | John Doe 2 | Jack Doe 3 | Gill Doe 4 | Ralf Doe 5 | Sven Doe 6 | Carl Doe -------------- Actual result: -------------- -------------- id | name -------------- 1 | John Doe -------------- In sql cli, same results as if running SELECT id, name FROM employees WHERE id in ('1,2,3,4,5,6'); -- List with quotes; when expecting SELECT id, name FROM employees WHERE id in (1,2,3,4,5,6); -- List with no quotes; ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=49651&edit=1
