Orange-OpenSource / YACassandraPDO

Cassandra PDO Driver fork
Apache License 2.0

Invalid parameter number: no parameters were bound #63

Open blat opened 10 years ago

blat commented 10 years ago

Query with \' + ? can't be prepared.

Example:

$db = new PDO("cassandra:host=localhost;port=9160");
// build the statement text with quote() instead of binding parameters;
// in a double-quoted PHP string "f\'oo" is literally f\'oo (backslash kept)
$query = "INSERT INTO test (a, b) VALUES (" . $db->quote("f\'oo") . ", " . $db->quote("bar?") . ")";
$stmt = $db->prepare($query);
$stmt->execute(); // fails with SQLSTATE[HY093] (see below)

Result:

PHP Warning:  PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: no parameters were bound

But, $query is valid:

INSERT INTO test (a, b) VALUES ('f\''oo', 'bar?');

Copy/paste it in a cqlsh, it works!

ghost commented 10 years ago

Try

$db = new PDO("cassandra:host=localhost;port=9160");
// bind the values instead of interpolating them into the statement text
$stmt = $db->prepare("INSERT INTO test (a, b) VALUES (:a, :b);");
$stmt->bindValue(':a', 'f\'oo');
$stmt->bindValue(':b', 'bar?');
$stmt->execute();

blat commented 10 years ago

Yes, I know.

This works too:

$db = new PDO("cassandra:host=localhost;port=9160");
$query = "INSERT INTO test (a, b) VALUES (" . $db->quote("f\'oo") . ", " . $db->quote("bar?") . ")";
$db->query($query);

But my first example works with PDO MySQL. It's not a critical issue, but it's a bug :)

mlornac-orange commented 10 years ago

I am not sure this is a bug. The string "f\'oo" is not correct. It should be written either "f'oo" or "f\'oo" if you want to insert a backslash in your string.

You escape the single quote if you write your string in single quotes. eg. 'f\'oo'

blat commented 10 years ago

I want to insert f\'oo (OK, it's tricky, but why not...). I call quote() to escape my string. quote() returns f\''oo.

There are two possible issues:

In both cases, there is a bug in Cassandra PDO.
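As an added example for this thread (not code from the issue or from the YACassandraPDO project), the following scanner shows how a driver has to count placeholders so that a `?` inside a single-quoted literal is treated as data rather than as a positional parameter, which is the failure the report describes. `countPlaceholders` is a hypothetical name. It assumes CQL's convention that a single quote inside a literal is escaped by doubling it (which is why quote() returned `'f\''oo'`) and that backslash has no escaping role.

```php
<?php
// Added example, not YACassandraPDO code. Count positional '?' and named
// ':name' placeholders in a CQL statement while skipping everything inside a
// single-quoted literal. Assumption: CQL escapes a quote inside a literal by
// doubling it ('') and does not treat backslash as an escape, so the literal
// 'f\''oo' is one token and the '?' in 'bar?' is data, not a parameter marker.
function countPlaceholders(string $cql): array
{
    $positional = 0;
    $named = [];
    $len = strlen($cql);
    $i = 0;
    while ($i < $len) {
        $c = $cql[$i];
        if ($c === "'") {
            // Inside a literal: a doubled quote stays inside, a single one closes it.
            $i++;
            while ($i < $len) {
                if ($cql[$i] === "'") {
                    if ($i + 1 < $len && $cql[$i + 1] === "'") {
                        $i += 2;   // escaped quote, still inside the literal
                        continue;
                    }
                    break;         // closing quote
                }
                $i++;
            }
            $i++;                  // step past the closing quote
            continue;
        }
        if ($c === '?') {
            $positional++;
        } elseif ($c === ':' && $i + 1 < $len && ctype_alpha($cql[$i + 1])) {
            // Named placeholder: ':' followed by an identifier.
            $j = $i + 1;
            while ($j < $len && (ctype_alnum($cql[$j]) || $cql[$j] === '_')) {
                $j++;
            }
            $named[] = substr($cql, $i, $j - $i);
            $i = $j;
            continue;
        }
        $i++;
    }
    return ['positional' => $positional, 'named' => $named];
}

// The statement text from the report, as quote() produced it: it carries no
// parameters, so prepare/execute must not demand any.
$quoted = "INSERT INTO test (a, b) VALUES ('f\\''oo', 'bar?');";
// The same insert written with bound parameters, as suggested in the thread.
$namedStmt = "INSERT INTO test (a, b) VALUES (:a, :b);";
$positionalStmt = "INSERT INTO test (a, b) VALUES (?, ?);";

$r = countPlaceholders($quoted);
if ($r['positional'] !== 0 || $r['named'] !== []) {
    throw new RuntimeException("'?' inside a literal was miscounted as a parameter");
}
$r = countPlaceholders($namedStmt);
if ($r['named'] !== [':a', ':b']) {
    throw new RuntimeException('named placeholders not recognised');
}
$r = countPlaceholders($positionalStmt);
if ($r['positional'] !== 2) {
    throw new RuntimeException('positional placeholders not recognised');
}
echo "placeholder counting agrees with the literal boundaries\n";
```

A scanner that counts every `?` without tracking literal boundaries reports one parameter for the quoted statement and then raises HY093 when execute() binds none. Independently of how the driver parses, the bound-parameter form ghost posted is the one to prefer: the values never enter the statement text, so neither the backslash nor the `?` can change how the statement is interpreted.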