New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error while binding short string with slash suffix #177
Comments
According to the PostqreSQL documentation, everything is ok: https://www.postgresql.org/docs/8.2/static/sql-syntax-lexical.html#SQL-SYNTAX-STRINGS
There are a mention switches |
This is some bug in PDO parameters binding. The
Query IMHO the bug is in internal PDO values binding code when they are looking for
Focus on the Code to reproduce: $pdo = new PDO('pgsql:host=localhost;dbname=test', 'test', 'test');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->query('SET standard_conforming_strings TO on');
$stmt = $pdo->prepare("INSERT INTO test (col1, col2, col3) VALUES ('\\', ?, '')");
$stmt->bindValue(1, 'x', PDO::PARAM_STR);
$stmt->execute(); If you don't, I'll report PHP bug in the evening. |
Workaround is |
That would be great if you could report it, I do not know the PostgreSQL at all. (I only develop its drivers :-) ) |
Can |
We have solved it by workaround because sending all strings as parameters causes incompatibility in PostgreSQL:
On the other hand, this behavior relies on the 20-character limit, so maybe a BC break could be done in 2.4. |
There is a PREPARE statement, but I don't know syntax using
It is probably related to PHP #36652, workaround is mentioned in comment. |
IMHO just PDO::ATTR_EMULATE_PREPARES causes this issue… |
I don't think so. With ATTR_EMULATE_PREPARES = false it uses PostgreSQL $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, true);
# PG log
# LOG: statement: INSERT INTO test (col1, col2, col3) VALUES ('a', 'x', ' ')
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
# PG log
# LOG: execute pdo_stmt_00000001: INSERT INTO test (col1, col2, col3) VALUES ('a', $1, ' ')
# DETAIL: parameters: $1 = 'x' But with buggy query from this issue, it fails in the same way in both cases:
|
It seems to me that issue appears only when some string ends with $stmt = $pdo->prepare("INSERT INTO test (col1, col2, col3) VALUES ('\\', ?, ' ')"); # BUGGY
$stmt = $pdo->prepare("INSERT INTO test (col1, col2, col3) VALUES ('\\ ', ?, ' ')"); # OK
$stmt = $pdo->prepare("INSERT INTO test (col1, col2) VALUES ('\\', ?)"); # OK |
What about |
It's buggy too. |
Reported PHP #74996. |
Hi, big thanks for really quick fix! |
Description
Get error syntax exception, when mixing short (with suffix ) and long string parameters binding to INSERT or UPDATE query (maybe there are probably more scenarios to get this error).
Steps To Reproduce
I have tested this with PostqreSQL. Let's create this simple table:
Then run this command:
This exception is thrown:
This behavior is probably fixed in 3.0.0-alpha with commit 644b587. To fix this in 2.4 branch it is possible to change SqlPreprocessor->formatValue to bind all strings as variable, not only strings longer than 20 characters. Bud I don't why this logic is there, maybe this update could be BC?
The text was updated successfully, but these errors were encountered: