ID: 35368 Comment by: spfaoct at hotmail dot com Reported By: lists at cyberlot dot net Status: Suspended Bug Type: PDO related Operating System: * PHP Version: 6CVS, 5CVS Assigned To: wez New Comment:
<a href="http://www.uggshelf.com/Products.html";>ugg Boots</a> Previous Comments: ------------------------------------------------------------------------ [2009-09-18 00:49:41] wo at 126 dot com Warhammer online CDkey are the codes which be used to active your http://www.chihaironline.com /chi hair straighteners. Warhammer online accounts then will be needed after your http://www.chihaironline.com /chi hair tools have been activated. ------------------------------------------------------------------------ [2009-09-09 03:28:18] caiyilnlove at yahoo dot cn chi hair iron http://www.chihaironline.com Classic Cardy Ugg Boots http://www.myuggboots100.com/classic-cardy-ugg-boots.html ------------------------------------------------------------------------ [2009-09-09 02:12:46] woo at 126 dot com As the currency in the Warhammer world, plays an important role in the economic system. ------------------------------------------------------------------------ [2009-08-12 09:53:43] qiaosilver at 163 dot com http://www.uggboots-zone.com/ ugg boots http://www.ed-hardy.cc/ed-hardy-men-accessories/ed-hardy-scarves.html ed hardy scarves ------------------------------------------------------------------------ [2005-11-27 22:11:06] w...@php.net We managed to reproduce the problem; it's a problem with the query rewriter when it maps :name to ?. If the string is embedded in the SQL using single quotes, but has double quotes backslashed, the string it too tricky for the parser to follow, and it ends up transforming parts of the serialized string that it shouldn't. There are three possible workarounds for this issue, in order of preference: - Don't embed serialized data into the query string; use bound parameters (that's what they're there for). In future versions of PDO, prepared statements may be cacheable in persistent connections, leading to a performance gain. - Use PDO::quote() to correctly quote the string - Use PDO::exec() to fire off this UPDATE/INSERT statement; it uses an alternate API that doesn't need to handle parameters. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/35368 -- Edit this bug report at http://bugs.php.net/?id=35368&edit=1
