Home/ Questions/Q 8474137
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-10T17:32:43+00:00

I am trying to execute this query using PDO: select * from users where

  • 0

I am trying to execute this query using PDO:

select * from users where uuid = 0x1e8ef774581c102cbcfef1ab81872213;

I pass this SQL query to the prepare method of PDO:

select * from users where uuid = :uuid

Then I pass this hashmap to execute:

Array ( [:uuid] => 0x1e8ef774581c102cbcfef1ab81872213 )

It looks like this query is being executed on the mysql server, when I call fetchAll: 

select * from users where uuid = '0x1e8ef774581c102cbcfef1ab81872213';

How can I execute the query without having PDO add the quotes around my hex?

Thanks,
Steve

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Your value HAS to be inserted as a string, as it’s far beyond (128bit) what can be represented as a normal number in PHP in both 64bit and 32bit editions.

    e.g. skip the placeholders and embed it into the query string directly:

    $uuid = '0x....';
$sql = "SELECT ... WHERE uuid = $uuid";

    which means you lose the benefits of placeholders, and will have to deal with SQL injection mitigation directly.

    You don’t mention which DBMS you’re using, but you might be able to get around it by exploiting your DBMS’s casting functions, eg.

    SELECT... WHERE uuid = CAST(:uuid AS uuid_type)

    with this, even though it goes into the DB as a string, it’ll be treated as a native uuid when push comes to shove.

    • 0