Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.6.4

Bug #6851 Double quotes in db login check
Submitted: 2006-02-21 06:20 UTC Modified: 2006-12-16 08:26 UTC
From: garak Assigned: aashley
Status: Closed Package: Auth (version 1.3.0r5)
PHP Version: 4.4.0 OS: Linux
Roadmaps: (Not assigned)    
Subscription  


 [2006-02-21 06:20 UTC] garak (Massimilano Arione)
Description: ------------ There's a bug on Auth/Container/DB.php on line 249 " WHERE ".$this->options['usernamecol']." = '".$this->db->quoteSmart($username)."'"; You should remove the single quotes around username, since they are already added by DB::quoteSmart method. The correct line should be: " WHERE ".$this->options['usernamecol']." = ".$this->db->quoteSmart($username);

Comments

 [2006-02-21 17:57 UTC] farell (Laurent Laville)
You should remove the single quotes on lines below: at line 370 $query = sprintf("INSERT INTO %s (%s, %s%s) VALUES ('%s', '%s'%s)", it should be $query = sprintf("INSERT INTO %s (%s, %s%s) VALUES (%s, %s%s)", at line 404 $query = sprintf("DELETE FROM %s WHERE %s = '%s'", it should be $query = sprintf("DELETE FROM %s WHERE %s = %s", at line 442 $query = sprintf("UPDATE %s SET %s = '%s' WHERE %s = '%s'", it should be $query = sprintf("UPDATE %s SET %s = %s WHERE %s = %s", all this fixes are related to quotSmart method Laurent Laville
 [2006-02-21 18:49 UTC] aashley at php dot net
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.