PHP Obnoxiousness

25 March 2006

I’ve been working on a PHP project for the last few weeks. I don’t mind PHP all that much–it’s an awful language, of course, but it’s not bad for getting things done. (The on-line man pages, in particular, are much better than that of any other language.)

However. PHP does pull some really stupid shit sometimes. Today I was trying to do a simple insert into a data­base and it kept failing with a “file not found” error message. Even­tu­ally I got it down to three lines; this may not be exactly right, but it was some­thing very close to:

$dbh = odbc_connect($DATABASE, $USERNAME, $PASSWORD);
$sth = odbc_prepare($dbh, "INSERT INTO ArtObject('name') VALUES(?)");
$res = odbc_execute($sth, array("'j'"));

And still it gave the error message! Worse, if I created a file “j”, it would do the insert without complaint!

As it turns out, this is by design. If you insert a string that begins and ends with a single quote, the bit between the quotes is treated as a file­name (!) whose con­tents make up the value of the place­holder (!!). It might help to be a pro­gram­mer to ap­pre­ci­ate this, but this be­hav­iour is utterly insane.

Every­one knows there are quoting issues with data­base inserts, but: (a) in every other language/library, if you use placeholders, you don’t have to worry about this; and (b) if there is some quoting issue you get broken SQL or similar–you don’t get the insert func­tion trying to read from a file.