I run the following code:
$conn = new PDO(....);
.... pdo attributes ...
$limitvalue = 0;
$limit = 10;
$sql = $conn->prepare("SELECT * FROM table1 LIMIT ?, ?");
$sql->bindParam(1, $limitvalue, PDO::PARAM_INT);
$sql->bindParam(2, $limit, PDO::PARAM_INT);
$sql->execute();
And i get:
Uncaught exception 'PDOException' with message 'SQLSTATE[42000]:
Syntax error or access violation: 1064 You have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version
for the right syntax to use near 'NULL, 10' at line 1'
It happens only with this particular query. Everything else is OK.
Btw: I know it may look stupid that i do prepared statements for "in-code" values. But it is just an example. In fact the values are depending on the page number but it doesn't matter here - this query is giving the same error too.
If anybody is interested, the PHP version is: 5.3.4RC2 and MySQL's is: mysqlnd 5.0.7-dev - 091210 - $Revision: 304625 $
解决方案
This seems to be a php bug : PDO ignores the PARAM_INT constant and use the $limit and $limitvalue variables as string. Which are quoted in the query when bound.
Try using :
$sql->bindParam(1, (int)$limitvalue, PDO::PARAM_INT);
$sql->bindParam(2, (int)$limit, PDO::PARAM_INT);
To force the variables type to int.
342
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
