31

When passing named parameters of the form :name to PDOStatement::bindParam(), it seems to work whether or not the leading colon is used.

i.e. either this:

$statement->bindParam(':name', $var);

or this:

$statement->bindParam('name', $var);

seems to work.

Here's the documentation for PDOStatement::bindParam()

parameter

Parameter identifier. For a prepared statement using named placeholders, this will be a parameter name of the form :name. For a prepared statement using question mark placeholders, this will be the 1-indexed position of the parameter.

Does this mean the colon can be left off?

John Carter
  • 53,924
  • 26
  • 111
  • 144
  • I'd say the colon is needed in the SQL expression, but not when you name (identify) the name with `bindParam`. The PDO function is probably less strict here as it can define it's own interface to name the parameter. – hakre Jul 01 '12 at 11:01

1 Answers1

30

No, since the documentation doesn't mention this I think it's safe to assume that this behaviour isn't officially supported and shouldn't be relied upon.

However, it does actually happen to work (in PHP 5.3.24 at least) - internally a colon will be added to the parameter if it's missing (see ext/pdo/pdo_stmt.c:363 in the PHP 5.3.24 source code).

John Carter
  • 53,924
  • 26
  • 111
  • 144
  • I was wondering about the same question. My guess was that : is used to strictly diferentiate colName with sql keywords. It's good to know that PDO will fix missing : in bindings. I'll take hakre's advice and keep : in sql statements. – CoR Nov 13 '13 at 10:21
  • https://stackoverflow.com/questions/25591519/php-pdo-using-bindparam-first-argument-without-colon/71920041#71920041 – Rylee Apr 19 '22 at 05:25