Cusy Cusy - 6 months ago 12
PHP Question

Question mark issue with ADOdb and MSSQL

I'm running into an issue with ADOdb's PHP library (https://sourceforge.net/projects/adodb/) and MSSQL Server 2012

I'm doing a simple update statement with a placeholder, just like this one, but it fails saying I didn't give enough parameters to the Execute function:

UPDATE report SET custom='Is this ok?' WHERE ID = ?


I checked the adodb-mssql.inc.php and in the Prepare function it simple replace every ? with the @P syntax for MSSQL, instead of checking what is a Placeholder and what is not:

function Prepare($sql)
{
$sqlarr = explode('?',$sql);
if (sizeof($sqlarr) <= 1) return $sql;
$sql2 = $sqlarr[0];
for ($i = 1, $max = sizeof($sqlarr); $i < $max; $i++) {
$sql2 .= '@P'.($i-1) . $sqlarr[$i];
}
return array($sql,$this->qstr($sql2),$max,$sql2);
}


So in my query I get 2 @P params (@P0 inside the quotes (not intended as a placeholder), @P1 as the real placeholder), resulting in already said error since I only give the Execute function 1 parameter to replace instead of two.

Is this a know limit of the ADOdb library? Do I have to check every field and replace the question mark not used as placeholder with something different before executing the query or am I missing something?

Answer

I've been browsing the code. This library is terribly outdated (it's written for PHP/4!) and the mssql driver is particularly bad. You might have better luck if you can use the PDO or SQLSRV drivers (at least they appear to use native prepared statements) but I guess it's an existing legacy app or you wouldn't be using such library in the first place.

If you can't switch drivers (or doing so doesn't solve the issue) I think you'll have to live with the bug and pass static strings as parameters as well, turning this:

$sql = "UPDATE report SET custom='Is this ok?' WHERE ID = ?";

... into this:

$sql = "UPDATE report SET custom = ? WHERE ID = ?";