Edit report at http://bugs.php.net/bug.php?id=54929&edit=1
ID: 54929
Updated by: johan...@php.net
Reported by: hencke at gmail dot com
Summary: Parse error with single quote in sql comment
(pdo-mysql)
Status: Open
Type: Bug
Package: PDO related
Operating System: linux (centos 5.5)
PHP Version: 5.2.17
Block user comment: N
Private report: N
New Comment:
The parser in PDO is extremely simple. The purpose is to translate place
holders according to the DBMS used (some allow ?, some allow :name, some
not ...). It is damn simple for doing that. It doesn't know about
comments. Comments are complicated as different DBMSes treat them
differently. A simple constructed MySQL example:
SELECT a,b,c FROM t WHERE a>b /*!50122 AND b = ?*/
There the parser has a hard time to guess what happens ...
Not sure there is a _good_ way to properly fix this issue.
Previous Comments:
------------------------------------------------------------------------
[2011-05-25 20:00:25] hencke at gmail dot com
Description:
------------
Using php 5.2.17
Tested PDO with mysql, haven't tried other drivers.
Configure Command => './configure' '--disable-cgi' '--with-mysql'
'--enable-pdo' '--with-pdo-mysql' '--with-libdir=lib64'
There is a PDO parsing error when a single quote is inside a block
comment. This seems to only occur when there is an input parameter
between a commented single quote and any other single quote, either as
part of the query or in another comment.
It looks like the single quotes aren't getting ignored in the comment,
and cause parameters to not be replaced with their values.
Example SQL that causes a parse error:
/* ' */ select ? as f1, 'foo' as f2
This also causes errors:
/* ' */ select ? as f1 /* ' */
Test script:
---------------
<?
//This query breaks:
$query = "/* ' */ select ? as f1, 'bar' as f2";
//This query also breaks:
//$query = "/* ' */ select ? as f1 /* ' */";
$pdodb = new PDO("mysql:dbname=test;host=127.0.0.1", "testuser",
"testuser");
$stmt = $pdodb->prepare($query);
if (!$stmt->execute(array("foo"))) {
$errInfo = $stmt->errorInfo();
print_r($errInfo);
}
?>
Expected result:
----------------
The single quotes should be completely ignored when inside comments, and
the ? should be replaced with the input parameter value "'foo'".
Actual result:
--------------
The query doesn't execute successfully, with the following PDO error
info:
[0] => 42000
[1] => 1064
[2] => You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near '? as f1, 'bar' as f2' at line 1
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=54929&edit=1
