PLEASE READ THE QUESTION CAREFULLY. It is not the usual silly "my code doesn't work!!!" question.
When I run this code with an intended error:

    try {
        $sth = $dbh->prepare("SELECT id FROM users WHERE name INN(?,?) ");
        $sth->execute(array("I'm","d'Artagnan"));
    } catch (PDOException $e) {
        echo $e->getMessage();
    }

I get this error message:

    You have an error in your SQL syntax ... near 'INN('I'm','d'Artagnan')' at line 1

But I thought for years that the query and the data are sent to the server separately and never interfere. Thus I have some questions (though I doubt anyone has an answer...):
- Where does it get such a familiar string representation, quoted and escaped? Is it being made especially to report an error, or is it a part of the actual query?
- How does it really work? Does it substitute a placeholder with data or not?
- Is there a way to get the whole query, not only a little bit of it, for debugging purposes?

Update: mysqli does it as expected: it throws an error that says near 'INN(?,?)'