ID: 38643
User updated by: chris dot vigelius at gmx dot net
Reported By: chris dot vigelius at gmx dot net
-Status: Feedback
+Status: Open
Bug Type: PDO related
Operating System: Linux
PHP Version: 5.1.5
New Comment:
// prepare the database
$dbh = new
PDO('mysql:host=localhost;dbname=test', 'test', 'test');
$dbh->exec("DROP TABLE IF EXISTS user");
$dbh->exec("CREATE TABLE user ( name VARCHAR(32), email
VARCHAR(32), PRIMARY KEY (name) );");
$dbh->exec("INSERT INTO user VALUES
('fritz', '[EMAIL PROTECTED]')");
$dbh->exec("INSERT INTO user VALUES
('otto', '[EMAIL PROTECTED]')");
// this will return 2 rows where 0 are expected
$stmt = $dbh->prepare("SELECT * FROM user WHERE name=:user
OR email=:user");
$stmt->execute(array(':user' => 'franz'));
$rows = $stmt->fetchAll(PDO::FETCH_OBJ);
var_dump($rows);
// this workaround will return 0 rows as expected
$stmt = $dbh->prepare("SELECT * FROM user WHERE name=:user1
OR email=:user2");
$stmt->execute(array(':user1' => 'franz', ':user2'
=> 'franz'));
$rows = $stmt->fetchAll(PDO::FETCH_OBJ);
var_dump($rows);
Previous Comments:
------------------------------------------------------------------------
[2006-08-30 11:12:34] [EMAIL PROTECTED]
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves.
A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external
resources such as databases, etc. If the script requires a
database to demonstrate the issue, please make sure it creates
all necessary tables, stored procedures etc.
Please avoid embedding huge scripts into the report.
------------------------------------------------------------------------
[2006-08-30 11:11:15] chris dot vigelius at gmx dot net
the current snapshot does NOT solve the problem - there are
still all rows returned.
------------------------------------------------------------------------
[2006-08-29 20:45:43] [EMAIL PROTECTED]
Please try using this CVS snapshot:
http://snaps.php.net/php5.2-latest.tar.gz
For Windows:
http://snaps.php.net/win32/php5.2-win32-latest.zip
------------------------------------------------------------------------
[2006-08-29 15:18:47] chris dot vigelius at gmx dot net
Description:
------------
If a parameter appears more than once in a parametrized query,
unexpected behaviour occurs
Reproduce code:
---------------
$dbh = new PDO(...)
$stmt = $dbh->prepare("SELECT * FROM user WHERE name=:user OR
email=:user");
$stmt->execute(array(':user' => 'franz'));
Expected result:
----------------
only the rows are returned where either name or email are set to
'franz'
Actual result:
--------------
always all rows of the table are returned, which is clearly not what
one would expect
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=38643&edit=1
