noahheck / E_PDOStatement

Drop in replacement for default PHP PDOStatement class allowing devs to view an interpolated version of a parameterized query

Wrong preg_replace results #3

Closed thejw23 closed 9 years ago

thejw23 commented 9 years ago

Query (with param test_id = 3):

SELECT * FROM test_items WHERE test_id = :test_id

Result in fullQuery:

SELECT * FROM test_items WHERE '3' = :test_id

Fix for that (just colon added):

$testParam  = "/:" . $key . "(?!\w)/";

Result after fix:

SELECT * FROM test_items WHERE test_id= '3' 

Seems to work fine for me.

noahheck commented 9 years ago

While placeholder markers need the leading :, PHP source does indicate the leading : on the input parameter is optional, and if missing, is implied. Best practice (based on usage examples provided at php.net and elsewhere) suggests prepending the : on the input parameters, but that is clearly not a requirement.

@thejw23 - Thanks for reporting. Prepending a colon for every parameter isn't feasible. Instead, we'd need to test for the lack of the leading : on a non-numeric parameter, non-question mark parameter and prepend it in that case. If you are able to, please feel free to create a pull request with this in place. Otherwise, I'll be able to find time to do this over the next couple of days.

noahheck commented 9 years ago

@thejw23 - Thanks again for reporting. I have updated E_PDOStatement to handle input parameters without the leading ':'. Please continue to report any other issues you come across.
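
The handling discussed in this thread (a leading ':' is implied when the bound key lacks one, and only ':'-prefixed markers in the SQL are replaced), as an added example that is not part of the thread or of E_PDOStatement's own code. The function names, the display-only quoting and the sample values are assumptions; it goes slightly beyond the reported case by replacing all named markers in a single pass.

```php
<?php
// Added example, not E_PDOStatement's code. The interpolated string is meant for
// logs and debugging output only; the real query stays parameterized.

/** Normalize a bound key: PDO implies the leading ':' when it is missing. */
function normalizeKey($key): ?string
{
    if (is_int($key)) {
        return null;                 // positional (?) parameter, not a named marker
    }
    return strncmp($key, ':', 1) === 0 ? $key : ':' . $key;
}

/** Display-only quoting (assumption: no live connection for PDO::quote()). */
function displayQuote($value): string
{
    if ($value === null) {
        return 'NULL';
    }
    return "'" . str_replace("'", "''", (string) $value) . "'";
}

/** Replace named markers in $sql with quoted values from $params. */
function interpolateNamed(string $sql, array $params): string
{
    $map = [];
    foreach ($params as $key => $value) {
        $marker = normalizeKey($key);
        if ($marker !== null) {
            $map[$marker] = displayQuote($value);
        }
    }
    // Single pass: only tokens starting with ':' are candidates, so the column
    // name test_id is never touched and :test_id cannot match inside :test_id2.
    // The lookbehind skips '::' casts; markers inside SQL string literals are
    // not detected (known limitation of this sketch).
    return preg_replace_callback(
        '/(?<![:\w]):[A-Za-z_]\w*/',
        static fn(array $m): string => $map[$m[0]] ?? $m[0],
        $sql
    );
}

// Constructed sample input: one key without the colon, one with it.
$sql = 'SELECT * FROM test_items WHERE test_id = :test_id AND owner = :owner';
echo interpolateNamed($sql, ['test_id' => 3, ':owner' => "O'Brien"]), PHP_EOL;
```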