user1386320

How does PDO MySQL handle parameters in prepared statements?

For example, with named placeholders in my prepared statements, I can have:

<?php
$stmt = $db->prepare("SELECT * FROM table WHERE id=:id AND name=:name");
$stmt->bindValue(':id', $id, PDO::PARAM_INT);     // bound as an integer parameter
$stmt->bindValue(':name', $name, PDO::PARAM_STR); // bound as a string parameter
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

Will ->bindValue with PDO::PARAM_INT check whether $id is really an integer (using the PHP functions "is_int" or "is_numeric", or in some other way), and will it fail and crash if $id isn't what ->bindValue with the PDO::PARAM_INT setting expects it to be?

I am new to PDO MySQL and I am also wondering whether the following:

$stmt->bindValue(':name', $name, PDO::PARAM_STR);

will fix any encoding issues if encountered in $name, and can it automatically deal with trimming and stripping tags as well?

Upvotes: 3

Views: 676

Answers (1)

mario

Reputation: 145482

Will the ->bindValue with PDO::PARAM_INT check if the $id is really an integer using

It will not be checked. Binding a variable as PARAM_INT will make PHP simply cast it to integer (int)"123" first. No errors occur, non-numeric strings will simply be cast to zero. See also the PHP manual on String conversion to numbers.

... PDO::PARAM_STR);
Fix any encoding issues if encountered in $name, can it automatically deal with trimming and stripping tags as well?

For string-type parameters there will be no automatic trimming or transformation of the passed value.

If the input charset differs from the database charset, then the encoding will be adapted either by the PDO driver, or by the receiving database server. But that's all.

Upvotes: 2
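Since PDO neither validates the integer nor trims or re-encodes the string, the application has to do that before binding. The following is an added example illustrating the answer above (not code from the question, the answer, or PDO itself); it assumes a hypothetical `users` table and uses an in-memory SQLite connection so it runs stand-alone, but the same code applies to a MySQL PDO connection.

```php
<?php
// Added example: validate inputs yourself, because bindValue() with
// PDO::PARAM_INT only casts ("abc" becomes 0, "12abc" becomes 12) and
// PDO::PARAM_STR passes the string through untouched.

function findUser(PDO $db, string $rawId, string $rawName): array
{
    // Reject anything that is not a positive integer instead of letting the
    // cast silently turn garbage into 0 (which could match an unintended row).
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }

    // PARAM_STR does no trimming, tag stripping or charset repair. Do the
    // normalisation the application actually needs, explicitly, and bound the
    // length so oversized input is rejected rather than truncated by the server.
    $name = trim($rawName);
    if ($name === '' || !mb_check_encoding($name, 'UTF-8') || mb_strlen($name, 'UTF-8') > 64) {
        throw new InvalidArgumentException('name must be 1-64 characters of valid UTF-8');
    }

    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id AND name = :name');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data (hypothetical table) so the example runs offline.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$db->exec("INSERT INTO users (id, name) VALUES (7, 'alice')");

var_dump(findUser($db, '7', '  alice '));   // one row: id 7, name alice

foreach (['7abc', '0', 'abc'] as $badId) {
    try {
        findUser($db, $badId, 'alice');
    } catch (InvalidArgumentException $e) {
        echo "rejected '$badId': ", $e->getMessage(), "\n";
    }
}
```

For MySQL, setting the charset in the DSN (for example `mysql:host=...;dbname=...;charset=utf8mb4`) makes the connection charset explicit, so the driver and server agree on the encoding the answer refers to.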
