Reject any duplicated parameter name

src/Query/QueryBuilder.php

@@ -18,13 +18,16 @@
 use Doctrine\DBAL\Statement;
 use Doctrine\DBAL\Types\Type;
 
+use function array_filter;
+use function array_intersect;
 use function array_key_exists;
 use function array_keys;
 use function array_merge;
 use function array_unshift;
 use function count;
 use function implode;
 use function is_object;
+use function sprintf;
 use function substr;
 
 /**
@@ -332,10 +335,20 @@ private function buildParametersAndTypes(): array
         $cteParams = $cteParamTypes = [];
 
         foreach ($this->commonTableExpressions as $cte) {
-            if (! $cte->query instanceof self) {
+            if (! $cte->query instanceof self || count($cte->query->params) === 0) {
                 continue;
             }
 
+            $paramKeys    = array_filter(array_keys($cteParams), 'is_string');
+            $cteParamKeys = array_filter(array_keys($cte->query->params), 'is_string');
+            $duplicated   = array_intersect($paramKeys, $cteParamKeys);
+            if (count($duplicated) > 0) {
+                throw new QueryException(sprintf(
+                    'Found duplicated parameter in CTE query. The duplicated parameter names are: "%s".',
+                    implode(', ', $duplicated),
+                ));
+            }
+
             $cteParams     = array_merge($cteParams, $cte->query->params);
             $cteParamTypes = array_merge($cteParamTypes, $cte->query->types);
         }

tests/Functional/Query/QueryBuilderTest.php

@@ -17,6 +17,7 @@
 use Doctrine\DBAL\Platforms\OraclePlatform;
 use Doctrine\DBAL\Platforms\SQLitePlatform;
 use Doctrine\DBAL\Query\ForUpdate\ConflictResolutionMode;
+use Doctrine\DBAL\Query\QueryException;
 use Doctrine\DBAL\Query\UnionType;
 use Doctrine\DBAL\Schema\Table;
 use Doctrine\DBAL\Tests\FunctionalTestCase;
@@ -441,6 +442,44 @@ public function testSelectWithCTEAndCreateNamedParametersForEachQuery(): void
         self::assertSame($expectedRows, $qb->executeQuery()->fetchAllAssociative());
     }
 
+    public function testSelectWithCTEAndCreateNamedParametersAreNotUnique(): void
+    {
+        if (! $this->platformSupportsCTEs()) {
+            self::markTestSkipped('The database platform does not support CTE.');
+        }
+
+        if (! $this->platformSupportsCTEColumnsDefinition()) {
+            self::markTestSkipped('The database platform does not support columns definition for CTE.');
+        }
+
+        $qb = $this->connection->createQueryBuilder();
+
+        $cteQueryBuilder1 = $this->connection->createQueryBuilder();
+        $cteQueryBuilder1->select('id')
+            ->from('for_update')
+            ->where($cteQueryBuilder1->expr()->eq(
+                'id',
+                $cteQueryBuilder1->createNamedParameter(1, ParameterType::INTEGER, ':id'),
+            ));
+
+        $cteQueryBuilder2 = $this->connection->createQueryBuilder();
+        $cteQueryBuilder2->select('id')
+            ->from('for_update')
+            ->where($cteQueryBuilder2->expr()->in(
+                'id',
+                $cteQueryBuilder2->createNamedParameter([1, 2], ArrayParameterType::INTEGER, ':id'),
+            ));
+
+        $qb->with('cte_a', $cteQueryBuilder1)
+            ->with('cte_b', $cteQueryBuilder2);
+
+        self::expectException(QueryException::class);
+        self::expectExceptionMessage(
+            'Found duplicated parameter in CTE query. The duplicated parameter names are: "id".',
+        );
+        $qb->executeQuery();
+    }
+
     public function testSelectWithCTEAndCreatePositionalParametersForEachQuery(): void
     {
         if (! $this->platformSupportsCTEs()) {