#35368 [Fbk->Opn]: PDO query does not work properly with serialize

Thu, 24 Nov 2005 14:24:45 -0800 

 ID:               35368
 User updated by:  lists at cyberlot dot net
 Reported By:      lists at cyberlot dot net
-Status:           Feedback
+Status:           Open
 Bug Type:         PDO related
 Operating System: Centos 4.1
 PHP Version:      6CVS-2005-11-24 (snap)
 Assigned To:      wez
 New Comment:

Ok I narrowed down the exact issue, It has to do with use of ' vs the
use of "

SET value = 'serializedandescapedstring' -- BAD converts string as
mentioned
SET value = "serializedandescapedstring" -- Works

pdo->quote quotes the string for you by putting "" around it so it
works, If you try to quote yourself with '' you get my weird results.

Now that I know exactly whats going on its pretty easy to work around,
but could catch people off guard.


Previous Comments:
------------------------------------------------------------------------

[2005-11-24 20:12:05] [EMAIL PROTECTED]

Don't use HEAD, use PHP 5.1.
Which version of mysql are you using?

The following script works fine for me:

$db = new PDO('mysql:dbname=test;host=localhost', 'root', '');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$var =
'a:1:{s:4:"test";a:2:{s:5:"test2";s:4:"1234";s:5:"test3";s:6:"555353";}}';

$qvar = $db->quote($var);

$query = "INSERT INTO sessions SET value = $qvar";

//$q = $db->prepare($query);
//$q->execute();

$q = $db->query($query);
$q->debugDumpParams();


------------------------------------------------------------------------

[2005-11-24 17:12:04] lists at cyberlot dot net

pdo->quote does not solve the problem either

------------------------------------------------------------------------

[2005-11-24 17:02:43] lists at cyberlot dot net

Also tried with sqlite, did not get the same issue.

------------------------------------------------------------------------

[2005-11-24 16:46:13] lists at cyberlot dot net

Recompiled from
--with-pdo --with-mysql
to
--with-pdo --with-mysqli

Still the same issue so its within pdo itself and not some weird
interaction between pdo and mysql library

------------------------------------------------------------------------

[2005-11-24 16:29:41] lists at cyberlot dot net

I tried the same thing using prepare/bind/execute and it does insert
the serialized/escaped string properly with the slashes as expected so
this is limited to a issue with the pdo->query

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/35368

-- 
Edit this bug report at http://bugs.php.net/?id=35368&edit=1

Reply via email to