Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 2.5.0b5

Bug #8538 single quotes in prepared query cause syntax error
Submitted: 2006-08-22 21:57 UTC
From: astle at lexi dot net Assigned: lsmith
Status: Closed Package: MDB2 (version 2.2.1)
PHP Version: 5.1.4 OS: irrelevant
Roadmaps: (Not assigned)    
Subscription  


 [2006-08-22 21:57 UTC] astle at lexi dot net (William Astle)
Description: ------------ Using the mysqli driver and the prepare/execute method of doing a query fails if the prepared query has single quotes in it. Rewriting the query to parameterize the single-quoted constant allows the query to work as expected. It should not be required to parameterize a constant in a query. Test script: --------------- # Assuming a working connection in $db: $sth = $db -> prepare("SELECT * FROM table WHERE column = 'value' AND othercolumn = ?"); Expected result: ---------------- A usable statement object in $sth Actual result: -------------- An error object indicating a "syntax error".

Comments

 [2006-08-23 06:21 UTC] lsmith (Lukas Smith)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.