 ID:               36760
 Updated by:       [EMAIL PROTECTED]
 Reported By:      n dot escuder at intra-links dot com
-Status:           Open
+Status:           Bogus
 Bug Type:         PDO related
 Operating System: Linux
 PHP Version:      5.1.2
 New Comment:

Using mysql_escape_string() with PDO is definitely not the recommended way. Use bound parameters instead.


Previous Comments:
------------------------------------------------------------------------

[2006-03-16 18:10:37] n dot escuder at intra-links dot com

Description:
------------
PDO Found some parameter / value.

Reproduce code:
---------------
$pdo = new PDO('mysql:host=192.168.69.20;dbname=Released', 'Web', 'Master99');
$query = "update Test set value='";
$var = "enabled=boolean:true description=string:\"Test\" type=integer? ";
$query .= mysql_escape_string($var);
$query .= "', where id='2'";
$statement = $pdo->prepare($query);
$statement->execute();

Expected result:
----------------
No warning / error and the update of the database with the real content of $var.

Actual result:
--------------
Actually no update if $var is =
"enabled=boolean:true description=string:\"Test\" type=integer? ";

but if $var is =
"enabled=boolean:true description=string:\"Test\" type=integer?";

in the database we found :
enabled=boolean? description=string:"Test" type=integer?

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=36760&edit=1
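
Added example (not part of the bug report or of PHP's own code): the same update written with bound parameters, as the comment above recommends. It assumes an in-memory SQLite database as a stand-in for the MySQL server so that it runs offline; the updateValue() helper and the second sample value are constructed for illustration.

```php
<?php
// Assumption: SQLite in memory replaces the MySQL server from the report,
// so no host name or credentials are needed to run this.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Test (id INTEGER PRIMARY KEY, value TEXT)');
$pdo->exec("INSERT INTO Test (id, value) VALUES (2, 'old')");

// Hypothetical helper: the SQL text contains only placeholders, and the
// data is handed to the driver separately, so it is never parsed as SQL.
function updateValue(PDO $pdo, int $id, string $value): int
{
    $statement = $pdo->prepare('UPDATE Test SET value = :value WHERE id = :id');
    $statement->bindValue(':value', $value, PDO::PARAM_STR);
    $statement->bindValue(':id', $id, PDO::PARAM_INT);
    $statement->execute();
    return $statement->rowCount();
}

function readValue(PDO $pdo, int $id): string
{
    $statement = $pdo->prepare('SELECT value FROM Test WHERE id = ?');
    $statement->execute([$id]);
    return (string) $statement->fetchColumn();
}

$samples = [
    // The value from the report: ':true', ':"Test"' and a trailing '?'
    // all resemble placeholder syntax when spliced into the query string.
    "enabled=boolean:true description=string:\"Test\" type=integer? ",
    // Constructed value with a single quote, which needs no escaping here.
    "owner=string:'O''Brien' ok=boolean:? ",
];

foreach ($samples as $var) {
    $rows = updateValue($pdo, 2, $var);
    $stored = readValue($pdo, 2);
    // The round trip must return the input unchanged.
    if ($rows !== 1 || $stored !== $var) {
        throw new RuntimeException('stored value differs from input');
    }
    echo "updated {$rows} row, stored: {$stored}\n";
}
```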