Escaping PDO 准备好的语句中的冒号 (:)

Question

$sql3 = 'SELECT sched_id, date_format(sched_date_time,\'%H:%i\') AS \'Time\'
              FROM schedule
              WHERE (date_format(sched_date_time,\'%Y-%m-%d\') = \':date\') AND schedule.film_id = :film_id';
              $sth2 = $pdo->prepare($sql3);
              $sth2->bindValue(':date','2021-12-18');
              // date_format($date,"%Y-%m-%d")
              $sth2->bindValue(':film_id',$row1['film_id']);
              $sth2->execute();

I am getting the following error

"Invalid parameter number: number of bound variables does not match number of tokens"

I belive this is being caused by the colon in the variable $sql3 in the SQL Function date_format() .

How do I escape the colon so that I can keep it for formatting without the PDO thinking its a declaration for a placeholder?

I have to use \\ before the colon to escape it as per answers in other questions but I continue to get the error.

I am using XAMPP as a portable/temporary development enviroment. XAMPP uses MariaDB as its database.

Answer 1

To prevent the need to escape quotes, define the SQL statement within double quotes:

$sql3 = "SELECT sched_id, date_format(sched_date_time,'%H:%i') AS 'Time'
FROM schedule
WHERE (date_format(sched_date_time,'%Y-%m-%d') = :date) 
AND schedule.film_id = :film_id";

$sth2 = $pdo->prepare($sql3);
$sth2->bindValue(':date','2021-12-18', PDO::PARAM_STR);
// date_format($date,"%Y-%m-%d")
$sth2->bindValue(':film_id',$row1['film_id'], PDO::PARAM_INT);
$sth2->execute();

As per the bindValue documentation , you can also explicitly set the type of the value.