You should not enclose variables in quotes in a prepared statement:

$pstmt=odbc_prepare($odb_con,"select * from configured where param_name=?");
$res=odbc_execute($pstmt,array(" 'version'"));

should be:

$pstmt=odbc_prepare($odb_con,"select * from configured where param_name=?");
$res=odbc_execute($pstmt,array("version"));

Question marks represent parameter placeholders, the value passed is meant to represent an unescaped, unenclosed value, which will be properly escaped by the SQL interpreter.

EDIT:

Gah, ignore me, misread php.net

odbc_fetch_array accepts as it's parameter the result of odbc_execute, you seem to be passing in the prepared statement.

What DBMS are you using? The fact that the lone insert prepare statement seems to be executed against the database rather than being prepared points to either a poor implementation of php (unlikely) or the DBMS not supporting prepared sql. If the latter is the case it is possible that their way of supporting the command with out the functionality is just to execute the statement leading to the results you get. If the DBMS does support prepared statements and the php implementation handles it properly there is some kind of issue with the insert being executed which also needs some investigation.

Try removing the single quotes from the query string and adding them to the parameter value itself:

$pstmt=odbc_prepare($odb_con,"select * from configured where param_name=?");
$res=odbc_execute($pstmt,array(" 'version'"));
var_dump($res);  //bool(true)
$row = odbc_fetch_array($pstmt);
var_dump($row);  //bool(false)

The single space character at the beginning of the parameter value is very important--if the space is not there, it will treat the variable as a path to a file.

From http://www.php.net/manual/en/function.odbc-execute.php:

If you wish to store a string which actually begins and ends with single quotes, you must add a space or other non-single-quote character to the beginning or end of the parameter, which will prevent the parameter from being taken as a file name.

Did you try using double quotes? i.e.

$res=odbc_execute($pstmt,array("version"));

when I read this paragraph

Any parameters in parameter_array which start and end with single quotes will be taken as the name of a file to read and send to the database server as the data for the appropriate placeholder.

If you wish to store a string which actually begins and ends with single quotes, you must add a space or other non-single-quote character to the beginning or end of the parameter, which will prevent the parameter from being taken as a file name. If this is not an option, then you must use another mechanism to store the string, such as executing the query directly with odbc_exec()).

It seems to me that it isn't necessary to add single quotes ' to a string, only if you really want to have the quotes as text in the DB

Therefore if I only want to insert the text, without the single quotes I would write something like that ...

see this example from odbc-prepare

http://www.php.net/manual/en/function.odbc-prepare.php

Use this example for IBM DB/2:

$q = "update TABLE set PASS=? where NAME=?";
$res = odbc_prepare ($con, $q);

$a = "secret"; $b="user";
$exc = odbc_execute($res, array($a, $b));

This would result in the following statement

$pstmt=odbc_prepare($odb_con,"select * from configured where param_name=?");

$name = "version";
$params = array($name);

$res=odbc_execute($pstmt,$params);
var_dump($res);  //bool(true)

$row = odbc_fetch_array($pstmt);
var_dump($row);  //bool(false)

See that I not only removed the qoutes for the value in the params array but also removed the qoutes in the SQL statement.

please give feedback if this was right