Prevent emulation of SQL prepare-statements

Author: tvdijen

docs/simplesamlphp-customauth.md

@@ -352,6 +352,7 @@ class MyAuth extends \SimpleSAML\Module\core\Auth\UserPassBase
         /* Connect to the database. */
         $db = new PDO($this->dsn, $this->username, $this->password, $this->options);
         $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+        $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
 
         /* Ensure that we are operating with UTF-8 encoding.
          * This command is for MySQL. Other databases may need different commands.

modules/core/src/Storage/SQLPermanentStorage.php

@@ -65,6 +65,8 @@ public function __construct(string $name, ?Configuration $config = null)
         $this->db = new PDO($dbfile);
         if ($this->db) {
             $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
+            $this->db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
+
             $q = @$this->db->query('SELECT key1 FROM data LIMIT 1');
             if ($q === false) {
                 $this->db->exec('

src/SimpleSAML/Database.php

@@ -162,6 +162,7 @@ private function connect(
         try {
             $db = new PDO($dsn, $username, $password, $options);
             $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+            $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
 
             return $db;
         } catch (PDOException $e) {

src/SimpleSAML/Store/SQLStore.php

@@ -78,6 +78,7 @@ public function __construct()
             throw new Exception("Database error: " . $e->getMessage());
         }
         $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+        $this->pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
 
         $this->driver = $this->pdo->getAttribute(PDO::ATTR_DRIVER_NAME);