
Bug #14603 Wrong replace in last_query
Submitted: 2008-09-05 18:59 UTC
From: mds123 Assigned: danielc
Status: Closed Package: DB (version 1.7.13)
PHP Version: 5.1.6 OS: linux
Roadmaps: 1.7.14RC2    


 [2008-09-05 18:59 UTC] mds123 (Márcio Dick Smiderle)
Description: ------------ It replaces bindN in all string, replacing also bindNN when it should not. Test script: --------------- Correction to apply to oci8 driver: @@ -668,11 +668,12 @@ class DB_oci8 extends DB_common } if (!@OCIBindByName($stmt, ':bind' . $i, $data[$key], -1)) { $tmp = $this->oci8RaiseError($stmt); return $tmp; } - $this->last_query = str_replace(':bind'.$i, $this->quoteSmart($data[$key]), $this->last_query); + //$this->last_query = str_replace(':bind'.$i, $this->quoteSmart($data[$key]), $this->last_query); + $this->last_query = substr_replace($this->last_query, $this->quoteSmart($data[$key]), strpos($this->last_query, ':bind'.$i), strlen(':bind'.$i)); $i++; } if ($this->autocommit) { $success = @OCIExecute($stmt, OCI_COMMIT_ON_SUCCESS); } else {
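Review bot: on the added `substr_replace(...)` line, the return value of `strpos($this->last_query, ':bind'.$i)` is used as the offset without a check for `false`; if the placeholder is not found, `false` is coerced to offset 0 and the start of `last_query` is overwritten. Store the position in a variable and skip the splice when it is `false`. The first match can also fall inside a value substituted by an earlier iteration when that value contains the text `:bindN`, so a single pass over the original statement would be more robust. The commented-out `str_replace` line should be deleted rather than kept in the driver.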

Comments

 [2008-09-18 00:43 UTC] doconnor (Daniel O'Connor)
Thanks for the patch Marcio! I don't suppose you can knock up a short test script which would demonstrate the brokenness? That way people like myself can more easily understand your patch without having to know everything about the DB package - and there's more chance it'll get committed.
 [2008-09-19 14:56 UTC] mds123 (Márcio Dick Smiderle)
Test script, just change paths, dsn, basic query and run it in command line php:
-------
<?php
$path = 'atmail_terra/libs/PEAR';
set_include_path(get_include_path() . PATH_SEPARATOR . $path);
require_once 'DB.php';

$db =& DB::connect('oci8://atmail2:atmail2@///db-dsv02.terra.com.br/oradsv02?charset=AL32UTF8');
if (PEAR::isError($db)) {
    die($db->getMessage());
}

$query = "select userfirstname, usermiddlename, userlastname from Abook_v where '40' = '40'";
$params = array();
for($i = 0; $i < 11; $i++) {
    $params[] = $i;
    $query .= " and\n ? = '$i'";
    if($i > 0) {
        $query .= " /* Substitutes \"bind".$i."\" with '".$i."', but also \"bind".$i."\" in string \"bind".$i."0\" resulting in '".$i."'0 */";
    }
}

$res = $db->query($query, $params);
if (PEAR::isError($res)) {
    die($res->getMessage());
}

echo $db->last_query . "\n\n";

while ($res->fetchInto($row)) {
    // Assuming DB's default fetchmode is DB_FETCHMODE_ORDERED
    foreach($row as $k => $v) {
        echo $v . "\t\t";
    }
    echo "\n";
}
?>
-------
First output without patch will be:
=======
select userfirstname, usermiddlename, userlastname from Abook_v where '40' = '40' and
 '0' = '0' and
 '1' = '1' /* Substitutes "bind1" with '1', but also "bind1" in string "bind10" resulting in '1'0 */ and
 '2' = '2' /* Substitutes "bind2" with '2', but also "bind2" in string "bind20" resulting in '2'0 */ and
 '3' = '3' /* Substitutes "bind3" with '3', but also "bind3" in string "bind30" resulting in '3'0 */ and
 '4' = '4' /* Substitutes "bind4" with '4', but also "bind4" in string "bind40" resulting in '4'0 */ and
 '5' = '5' /* Substitutes "bind5" with '5', but also "bind5" in string "bind50" resulting in '5'0 */ and
 '6' = '6' /* Substitutes "bind6" with '6', but also "bind6" in string "bind60" resulting in '6'0 */ and
 '7' = '7' /* Substitutes "bind7" with '7', but also "bind7" in string "bind70" resulting in '7'0 */ and
 '8' = '8' /* Substitutes "bind8" with '8', but also "bind8" in string "bind80" resulting in '8'0 */ and
 '9' = '9' /* Substitutes "bind9" with '9', but also "bind9" in string "bind90" resulting in '9'0 */ and
 '1'0 = '10' /* Substitutes "bind10" with '10', but also "bind10" in string "bind100" resulting in '10'0 */

"Diego Baroni" çç Áççççççããêéé ÇçÇçÇç
=======
Second output with patch will be:
=======
select userfirstname, usermiddlename, userlastname from Abook_v where '40' = '40' and
 '0' = '0' and
 '1' = '1' /* Substitutes "bind1" with '1', but also "bind1" in string "bind10" resulting in '1'0 */ and
 '2' = '2' /* Substitutes "bind2" with '2', but also "bind2" in string "bind20" resulting in '2'0 */ and
 '3' = '3' /* Substitutes "bind3" with '3', but also "bind3" in string "bind30" resulting in '3'0 */ and
 '4' = '4' /* Substitutes "bind4" with '4', but also "bind4" in string "bind40" resulting in '4'0 */ and
 '5' = '5' /* Substitutes "bind5" with '5', but also "bind5" in string "bind50" resulting in '5'0 */ and
 '6' = '6' /* Substitutes "bind6" with '6', but also "bind6" in string "bind60" resulting in '6'0 */ and
 '7' = '7' /* Substitutes "bind7" with '7', but also "bind7" in string "bind70" resulting in '7'0 */ and
 '8' = '8' /* Substitutes "bind8" with '8', but also "bind8" in string "bind80" resulting in '8'0 */ and
 '9' = '9' /* Substitutes "bind9" with '9', but also "bind9" in string "bind90" resulting in '9'0 */ and
 '10' = '10' /* Substitutes "bind10" with '10', but also "bind10" in string "bind100" resulting in '10'0 */

"Diego Baroni" çç Áççççççããêéé ÇçÇçÇç
=======
 [2010-01-08 09:49 UTC] danielc (Daniel Convissor)
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: danielc
Fixed in SVN. Will show up in next release.
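
The substitution problem discussed in this report, as an added example that is not part of the report or of PEAR DB's code: it compares the pre-patch `str_replace()` loop, the patched first-occurrence splice, and a single-pass alternative when rendering a logged copy of a statement. The function names, the `quote_value()` stand-in for `quoteSmart()`, and the sample query are assumptions.

```php
<?php
// Added illustration. Function names, quote_value() (a stand-in for
// quoteSmart()) and the sample query are hypothetical, not PEAR DB code.
function quote_value($v) { return "'" . str_replace("'", "''", (string) $v) . "'"; }

// Pre-patch: str_replace() rewrites every occurrence, including the
// ":bind1" prefix of ":bind10".
function render_str_replace($sql, array $data) {
    foreach (array_values($data) as $i => $v) {
        $sql = str_replace(':bind' . $i, quote_value($v), $sql);
    }
    return $sql;
}

// Patched: splice only the first occurrence. The !== false guard is added
// here so a missing placeholder cannot splice at offset 0.
function render_first_occurrence($sql, array $data) {
    foreach (array_values($data) as $i => $v) {
        $name = ':bind' . $i;
        $pos = strpos($sql, $name);
        if ($pos !== false) {
            $sql = substr_replace($sql, quote_value($v), $pos, strlen($name));
        }
    }
    return $sql;
}

// Single pass over the original template: \d+ matches each placeholder
// whole, and text already substituted is never scanned again.
function render_single_pass($sql, array $data) {
    $data = array_values($data);
    return preg_replace_callback('/:bind(\d+)/', function ($m) use ($data) {
        $n = (int) $m[1];
        return array_key_exists($n, $data) ? quote_value($data[$n]) : $m[0];
    }, $sql);
}

// Constructed sample: 11 placeholders; value 0 contains the text ":bind1".
$sql = 'select * from t where c0 = :bind0';
$data = array('x :bind1 y');
for ($i = 1; $i <= 10; $i++) {
    $sql .= " and c$i = :bind$i";
    $data[] = $i;
}
foreach (array('render_str_replace', 'render_first_occurrence', 'render_single_pass') as $fn) {
    echo $fn, ":\n", $fn($sql, $data), "\n\n";
}
```

On this input the first function renders `c10 = '1'0`, and the second leaves `c1 = :bind1` unreplaced because the first `:bind1` it finds sits inside the value already substituted for `:bind0`. Only the single-pass version renders every placeholder as bound, which matters when the logged statement is used to reconstruct what was executed.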