SeanDowney
Reputation: 17734
PDO valid characters for placeholders
In PHP with PDO, what characters are we limited to using. I've tried looking in the documentation and online but to no avail.
I did find a post where a user had used a hypen in the name which broke the query. I'm writing a function that dynamically generates these names and since hyphens are no nos, I was wondering if there was a list of alternatives.
<?php
/* Execute a prepared statement by binding PHP variables */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
FROM fruit
WHERE calories < :calories AND colour = :colour');
$sth->bindParam(':calories', $calories, PDO::PARAM_INT);
$sth->bindParam(':colour', $colour, PDO::PARAM_STR, 12);
$sth->execute();
?>
So in this example what characters would be allowed in the string ':colour'?
Upvotes: 23
Views: 5658
Answers (2)
NikiC
Reputation: 101926
The easiest way to find out, is to just check the source code:
BINDCHR = [:][a-zA-Z0-9_]+;
You can use alphanumeric + underscore.
Upvotes: 38
Sander Marechal
Reputation: 23216
If I read the PDO SQL parser source code correctly, it's alphanumeric characters plus underscore.
Upvotes: 10
Related Questions
- PHP PDO escape question mark so it doesn't think it is a placeholder
- PHP PDOStatement correct placeholder
- Why PDO doesn't allow multiple placeholders with the same name?
- PHP PDO with Special Characters
- PHP PDO Basics! Escaping/Unescaping Special Characters
- Named placeholders in with PDO mySQL causing server error
- PHP PDO::prepare() - SQL Error with placeholders
- can we give capital letter and underscore in pdo named placeholder
- Unable to insert integer when using PDO named placeholders
- How to separate a PDO named placeholder from rest of a string