Edit report at http://bugs.php.net/bug.php?id=54929&edit=1
ID: 54929
Updated by: fel...@php.net
Reported by: hencke at gmail dot com
-Summary: Parse error with single quote in sql comment
(pdo-mysql)
+Summary: Parse error with single quote in sql comment
-Status: Open
+Status: Closed
Type: Bug
Package: PDO related
Operating System: linux (centos 5.5)
PHP Version: 5.2.17
-Assigned To:
+Assigned To: felipe
Block user comment: N
Private report: N
New Comment:
This bug has been fixed in SVN.
Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
Thank you for the report, and for helping us make PHP better.
Previous Comments:
------------------------------------------------------------------------
[2011-05-26 15:18:55] johan...@php.net
The parser in PDO is extremely simple. The purpose is to translate place
holders according to the DBMS used (some allow ?, some allow :name, some not
...). It is damn simple for doing that. It doesn't know about comments.
Comments are complicated as different DBMSes treat them differently. A simple
constructed MySQL example:
SELECT a,b,c FROM t WHERE a>b /*!50122 AND b = ?*/
There the parser has a hard time to guess what happens ...
Not sure there is a _good_ way to properly fix this issue.
------------------------------------------------------------------------
[2011-05-25 20:00:25] hencke at gmail dot com
Description:
------------
Using php 5.2.17
Tested PDO with mysql, haven't tried other drivers.
Configure Command => './configure' '--disable-cgi' '--with-mysql'
'--enable-pdo' '--with-pdo-mysql' '--with-libdir=lib64'
There is a PDO parsing error when a single quote is inside a block comment.
This seems to only occur when there is an input parameter between a commented
single quote and any other single quote, either as part of the query or in
another comment.
It looks like the single quotes aren't getting ignored in the comment, and
cause parameters to not be replaced with their values.
Example SQL that causes a parse error:
/* ' */ select ? as f1, 'foo' as f2
This also causes errors:
/* ' */ select ? as f1 /* ' */
Test script:
---------------
<?
//This query breaks:
$query = "/* ' */ select ? as f1, 'bar' as f2";
//This query also breaks:
//$query = "/* ' */ select ? as f1 /* ' */";
$pdodb = new PDO("mysql:dbname=test;host=127.0.0.1", "testuser", "testuser");
$stmt = $pdodb->prepare($query);
if (!$stmt->execute(array("foo"))) {
$errInfo = $stmt->errorInfo();
print_r($errInfo);
}
?>
Expected result:
----------------
The single quotes should be completely ignored when inside comments, and the ?
should be replaced with the input parameter value "'foo'".
Actual result:
--------------
The query doesn't execute successfully, with the following PDO error info:
[0] => 42000
[1] => 1064
[2] => You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '? as f1, 'bar'
as f2' at line 1
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=54929&edit=1
