doctrine/archived-orm
1
0
Fork 0
mirror of https://github.com/doctrine/orm.git synced 2026-03-23 22:42:18 +01:00
Code Issues 5.3k Packages Projects Releases 100 Wiki Activity

DDC-354: Set parameter on NativeQuery shouldn't quote numbers #438

New Issue
Closed
opened 2026-01-22 12:38:15 +01:00 by admin · 10 comments
admin commented 2026-01-22 12:38:15 +01:00
Owner
Copy Link

Originally created by @doctrinebot on GitHub (Feb 20, 2010).

Jira issue originally created by user kanundrum:

On a native sql query when a number is passed in setParameter it gets quoted. This messes up the query if one of the parameters is a limit (e.g. LIMIT ?, ? breaks because the integer is quoted).

$query = $this->em->createNativeQuery('SELECT * FROM users LIMIT ?,?',$rsm);
$query->setParameter(1,0);
$query->setParameter(2,20);

//outputs SELECT * FROM users LIMIT '0','20' which isn't correct sql

Originally created by @doctrinebot on GitHub (Feb 20, 2010). Jira issue originally created by user kanundrum: On a native sql query when a number is passed in setParameter it gets quoted. This messes up the query if one of the parameters is a limit (e.g. LIMIT ?, ? breaks because the integer is quoted). ``` $query = $this->em->createNativeQuery('SELECT * FROM users LIMIT ?,?',$rsm); $query->setParameter(1,0); $query->setParameter(2,20); ``` //outputs SELECT \* FROM users LIMIT '0','20' which isn't correct sql
admin added the Improvement label 2026-01-22 12:38:15 +01:00
admin closed this issue 2026-01-22 12:38:15 +01:00
admin commented 2026-01-22 12:38:17 +01:00
Author
Owner
Copy Link

@doctrinebot commented on GitHub (Feb 28, 2010):

Comment created by @guilhermeblanco:

That's a limitation of PDO and it's out of scope of Doctrine.

Unfortunately, we cannot fix it.

@doctrinebot commented on GitHub (Feb 28, 2010): Comment created by @guilhermeblanco: That's a limitation of PDO and it's out of scope of Doctrine. Unfortunately, we cannot fix it.
admin commented 2026-01-22 12:38:17 +01:00
Author
Owner
Copy Link

@doctrinebot commented on GitHub (Mar 19, 2010):

Comment created by romanb:

PDO should certainly not quote the numbers but I cant reproduce it. It works fine for me. Doctrine certainly isnt quoting them afaik.

@doctrinebot commented on GitHub (Mar 19, 2010): Comment created by romanb: PDO should certainly not quote the numbers but I cant reproduce it. It works fine for me. Doctrine certainly isnt quoting them afaik.
admin commented 2026-01-22 12:38:19 +01:00
Author
Owner
Copy Link

@doctrinebot commented on GitHub (Mar 19, 2010):

Comment created by romanb:

OK, got it reproduced with MySql. This needs investigation.

@doctrinebot commented on GitHub (Mar 19, 2010): Comment created by romanb: OK, got it reproduced with MySql. This needs investigation.
admin commented 2026-01-22 12:38:19 +01:00
Author
Owner
Copy Link

@doctrinebot commented on GitHub (Mar 19, 2010):

Comment created by romanb:

This is definitely related to PDO. I think its because all parameters default to PDO::PARAM_STR.

Doesnt work:

        $stmt = $pdo->prepare('SELECT * FROM DDC425Entity LIMIT ?,?');
        $stmt->bindValue(1, 0);
        $stmt->bindValue(2, 20);
        $stmt->execute();

Works:

        $stmt = $pdo->prepare('SELECT * FROM DDC425Entity LIMIT ?,?');
        $stmt->bindValue(1, 0, \PDO::PARAM_INT);
        $stmt->bindValue(2, 20, \PDO::PARAM_INT);
        $stmt->execute();

This is a real problem.

@doctrinebot commented on GitHub (Mar 19, 2010): Comment created by romanb: This is definitely related to PDO. I think its because all parameters default to PDO::PARAM_STR. Doesnt work: ``` $stmt = $pdo->prepare('SELECT * FROM DDC425Entity LIMIT ?,?'); $stmt->bindValue(1, 0); $stmt->bindValue(2, 20); $stmt->execute(); ``` Works: ``` $stmt = $pdo->prepare('SELECT * FROM DDC425Entity LIMIT ?,?'); $stmt->bindValue(1, 0, \PDO::PARAM_INT); $stmt->bindValue(2, 20, \PDO::PARAM_INT); $stmt->execute(); ``` This is a real problem.
admin commented 2026-01-22 12:38:19 +01:00
Author
Owner
Copy Link

@doctrinebot commented on GitHub (Mar 19, 2010):

Comment created by @beberlei:

This is what Guilherme meant with PDO scope.

The only possible fix would be extending the setParameter API for NativeQueries.

@doctrinebot commented on GitHub (Mar 19, 2010): Comment created by @beberlei: This is what Guilherme meant with PDO scope. The only possible fix would be extending the setParameter API for NativeQueries.
admin commented 2026-01-22 12:38:21 +01:00
Author
Owner
Copy Link

@doctrinebot commented on GitHub (Mar 19, 2010):

Comment created by romanb:

It is more problematic than that, because the ORM currently does not set explicit binding types when binding parameter values. The handling may depend on the concrete PDO driver implementation since our Postgres tests work fine, even though postgres would immediately complain if any number is quoted.

@doctrinebot commented on GitHub (Mar 19, 2010): Comment created by romanb: It is more problematic than that, because the ORM currently does not set explicit binding types when binding parameter values. The handling may depend on the concrete PDO driver implementation since our Postgres tests work fine, even though postgres would immediately complain if any number is quoted.
admin commented 2026-01-22 12:38:21 +01:00
Author
Owner
Copy Link

@doctrinebot commented on GitHub (Mar 19, 2010):

Comment created by romanb:

This is definitely driver-dependant. On Postgres, this works:

        $stmt = $pdo->prepare('SELECT * FROM DDC425Entity LIMIT ? OFFSET ?');
        $stmt->bindValue(1, 0);
        $stmt->bindValue(2, 20);
        $stmt->execute();

Looks like an ugly inconsistency...

@doctrinebot commented on GitHub (Mar 19, 2010): Comment created by romanb: This is definitely driver-dependant. On Postgres, this works: ``` $stmt = $pdo->prepare('SELECT * FROM DDC425Entity LIMIT ? OFFSET ?'); $stmt->bindValue(1, 0); $stmt->bindValue(2, 20); $stmt->execute(); ``` Looks like an ugly inconsistency...
admin commented 2026-01-22 12:38:22 +01:00
Author
Owner
Copy Link

@doctrinebot commented on GitHub (Mar 19, 2010):

Comment created by romanb:

I am thinking about possible workarounds/solutions to optionally use explicit binding types.

@doctrinebot commented on GitHub (Mar 19, 2010): Comment created by romanb: I am thinking about possible workarounds/solutions to optionally use explicit binding types.
admin commented 2026-01-22 12:38:23 +01:00
Author
Owner
Copy Link

@doctrinebot commented on GitHub (Mar 29, 2010):

Comment created by romanb:

You can now use PDO binding types as well as DBAL mapping types to work around this issue.

use Doctrine\DBAL\Types\Type;
...
$query->setParameter(1, 0, Type::INTEGER);
$query->setParameter(2, 10, Type::INTEGER);

or even just ...

use PDO;
...
$query->setParameter(1, 0, PDO::PARAM_INT);
$query->setParameter(2, 10, PDO::PARAM_INT);
@doctrinebot commented on GitHub (Mar 29, 2010): Comment created by romanb: You can now use PDO binding types as well as DBAL mapping types to work around this issue. ``` use Doctrine\DBAL\Types\Type; ... $query->setParameter(1, 0, Type::INTEGER); $query->setParameter(2, 10, Type::INTEGER); ``` or even just ... ``` use PDO; ... $query->setParameter(1, 0, PDO::PARAM_INT); $query->setParameter(2, 10, PDO::PARAM_INT); ```
admin commented 2026-01-22 12:38:23 +01:00
Author
Owner
Copy Link

@doctrinebot commented on GitHub (Mar 29, 2010):

Issue was closed with resolution "Fixed"

@doctrinebot commented on GitHub (Mar 29, 2010): Issue was closed with resolution "Fixed"
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
BC Break
Bug
Can't Fix
Deprecation
Documentation
DQL
Duplicate
Failing Test
Hacktoberfest
Improvement
Improvement
Incomplete
Invalid
Missing Tests
New Feature
PR Created
pull-request
Mirrored from GitHub Pull Request
 Question
Regression
Status: Waiting feedback
Waiting feedback
WIP
Won't Fix
No Label Improvement
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
admin
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: doctrine/archived-orm#438
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?