Description: ------------ The code to create a prepared statement name is not random enough and can cause collisions generating the error - [Native message: ERROR: prepared statement "mdb2_statement_pgsql_422336a461d3e76bb160213b37d39917" already exists] The code resides in pgsql.php Test script: --------------- //The following code is the culprit $statement_name = sprintf($this->options['statement_format'], $this->phptype, md5(time() + rand())); //This is better $statement_name = sprintf($this->options['statement_format'], $this->phptype, sha1(microtime() + mt_rand()));

This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.

This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.

Is there a reason the statement name is being randomly generated? Even though this patch is more random, it could still potentially collide. The chances of a collision go way up if you're doing many thousands of queries in a row (something I have to do from time to time). Why not add a new member to the MDB2_Driver_pgsql class: var $prep_statement_counter = 1; and then increment the counter for each new prepared statement: $statement_name = sprintf($this->options['statement_format'], $this->phptype, $this->prep_statement_counter++); No more collisions, no matter how many queries you run!

microtime() returns the current Unix timestamp with microseconds. This function is only available on operating systems that support the gettimeofday() system call. I personally do not know which systems do not support the gettimeofday() system call but another patch is the following: <?php class MDB2_Statement_Common{ function __destruct(){ $this->free();//free prepared statement handle } } ?>

I was hit by this bug, as there is no fix in the stable release. Pleas backport the fix to the stable release or if this is to complicated considdre the following option. ----------------------------- The real problem is time() + rand() and microtime() + mt_rand() are both addition of too integer values and if the script does many prepared statements there will be a collision. time() . rand() or microtime() . mt_rand() are much better as there will append the time() sting with an random number.