Fixes the special characters in bindParam for PDO

src/Adapter/Driver/Pdo/Pdo.php

@@ -298,7 +298,8 @@ public function getPrepareType()
     public function formatParameterName($name, $type = null)
     {
         if ($type === null && !is_numeric($name) || $type == self::PARAMETERIZATION_NAMED) {
-            return ':' . $name;
+            // using MD5 because of the PDO restriction [A-Za-z0-9_] for bindParam name
+            return ':' . md5($name);
         }
 
         return '?';

src/Adapter/Driver/Pdo/Statement.php

@@ -289,7 +289,7 @@ protected function bindParametersFromContainer()
             }
 
             // parameter is named or positional, value is reference
-            $parameter = is_int($name) ? ($name + 1) : $name;
+            $parameter = is_int($name) ? ($name + 1) : $this->driver->formatParameterName($name);
             $this->resource->bindParam($parameter, $value, $type);
         }
     }

test/Adapter/Driver/Pdo/PdoTest.php

@@ -38,4 +38,29 @@ public function testGetDatabasePlatformName()
         $this->assertEquals('SqlServer', $this->pdo->getDatabasePlatformName());
         $this->assertEquals('SQLServer', $this->pdo->getDatabasePlatformName(DriverInterface::NAME_FORMAT_NATURAL));
     }
+
+    public function getParamsAndType()
+    {
+        return [
+            [ 'foo', null, ':' . md5('foo')],
+            [ 'foo-', null, ':' . md5('foo-')],
+            [ 'foo$', null, ':' . md5('foo$')],
+            [ 1, null, '?' ],
+            [ '1', null, '?'],
+            [ 'foo', Pdo::PARAMETERIZATION_NAMED, ':' . md5('foo')],
+            [ 'foo-', Pdo::PARAMETERIZATION_NAMED, ':' . md5('foo-')],
+            [ 'foo$', Pdo::PARAMETERIZATION_NAMED, ':' . md5('foo$')],
+            [ 1, Pdo::PARAMETERIZATION_NAMED, ':' . md5('1')],
+            [ '1', Pdo::PARAMETERIZATION_NAMED, ':' . md5('1')],
+        ];
+    }
+
+    /**
+     * @dataProvider getParamsAndType
+     */
+    public function testFormatParameterName($name, $type, $expected)
+    {
+        $result = $this->pdo->formatParameterName($name, $type);
+        $this->assertEquals($expected, $result);
+    }
 }

test/Adapter/Driver/Pdo/StatementIntegrationTest.php

@@ -47,7 +47,7 @@ protected function tearDown()
     public function testStatementExecuteWillConvertPhpBoolToPdoBoolWhenBinding()
     {
         $this->pdoStatementMock->expects($this->any())->method('bindParam')->with(
-            $this->equalTo('foo'),
+            $this->equalTo(':' . md5('foo')),
             $this->equalTo(false),
             $this->equalTo(\PDO::PARAM_BOOL)
         );
@@ -57,7 +57,7 @@ public function testStatementExecuteWillConvertPhpBoolToPdoBoolWhenBinding()
     public function testStatementExecuteWillUsePdoStrByDefaultWhenBinding()
     {
         $this->pdoStatementMock->expects($this->any())->method('bindParam')->with(
-            $this->equalTo('foo'),
+            $this->equalTo(':' . md5('foo')),
             $this->equalTo('bar'),
             $this->equalTo(\PDO::PARAM_STR)
         );

test/Adapter/Driver/Pdo/StatementTest.php

@@ -11,6 +11,7 @@
 
 use Zend\Db\Adapter\Driver\Pdo\Connection;
 use Zend\Db\Adapter\Driver\Pdo\Statement;
+use Zend\Db\Adapter\Driver\Pdo\Result;
 use Zend\Db\Adapter\Driver\Pdo\Pdo;
 use Zend\Db\Adapter\ParameterContainer;
 
@@ -126,4 +127,30 @@ public function testExecute()
         $this->statement->prepare('SELECT 1');
         $this->assertInstanceOf('Zend\Db\Adapter\Driver\Pdo\Result', $this->statement->execute());
     }
+
+    /**
+     * @see https://github.com/zendframework/zend-db/pull/224
+     */
+    public function testExecuteWithSpecialCharInBindParam()
+    {
+        $testSqlite = new TestAsset\SqliteMemoryPdo('CREATE TABLE test (text_ TEXT, text$ TEXT);');
+        $this->statement->setDriver(new Pdo(new Connection($testSqlite)));
+        $this->statement->initialize($testSqlite);
+
+        $this->statement->prepare(
+            'INSERT INTO test (text_, text$) VALUES (:' .
+            md5('text_') .
+            ', :' .
+            md5('text$') .
+            ')'
+        );
+        $result = $this->statement->execute([ 'text_' => 'foo', 'text$' => 'bar']);
+        $this->assertInstanceOf(Result::class, $result);
+        $this->assertTrue($result->valid());
+
+        $result = $testSqlite->query('SELECT * FROM test');
+        $values = $result->fetch();
+        $this->assertEquals('foo', $values['text_']);
+        $this->assertEquals('bar', $values['text$']);
+    }
 }

test/Adapter/Driver/Pdo/TestAsset/SqliteMemoryPdo.php

@@ -13,8 +13,19 @@ class SqliteMemoryPdo extends \Pdo
 {
     protected $mockStatement;
 
-    public function __construct()
+    public function __construct($sql = null)
     {
         parent::__construct('sqlite::memory:');
+
+        // execute the sql statement if not empty
+        if (!empty($sql)) {
+            if (false === $this->exec($sql)) {
+                throw new \Exception(sprintf(
+                    "Error: %s, %s",
+                    $this->errorCode(),
+                    implode(",", $this->errorInfo())
+                ));
+            }
+        }
     }
 }