Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.32.0

Bug #12949 Notes to doc bug converter is broken
Submitted: 2008-01-21 18:11 UTC
From: wiesemann Assigned: dufuz
Status: Closed Package: pearweb (version CVS)
PHP Version: 5.2.5 OS: Irrelevant
Roadmaps: 1.18.0    
Subscription  


 [2008-01-21 18:11 UTC] wiesemann (Mark Wiesemann)
Description: ------------ The notes to doc bug converter (public_html/notes/admin/trans.php) is currently broken due to Helgi's last commit one week ago. The problem is that mysql_escape_string() and DB::quote() are not equivalent => the generated SQL query is broken. I haven't checked but maybe other places are also broken if this change was also done in other scripts.

Comments

 [2008-01-21 20:04 UTC] dufuz (Helgi Þormar Þorbjörnsson)
Mark if you look at how the DB driver works: quote calls quoteSmart which in turns calls escapeSimple which does a mysql_real_escape_string call, so I'm a bit puzzled, well okey, quoteSmart does add ' quotes if $this->dbsyntax == 'access' && preg_match('/^#.+#$/', $in)) are not true I guess the quoting could be the cause.
 [2008-01-21 20:08 UTC] dufuz (Helgi Þormar Þorbjörnsson)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better. Can you confirm Mark ?
 [2008-01-21 20:23 UTC] wiesemann (Mark Wiesemann)
Helgi, no, that's not the solution. Now the following string is used in the SQL query (the last three characters are an example note): Manual page: index.php 'def' Note the missing quotes around this string.
 [2008-01-21 20:28 UTC] dufuz (Helgi Þormar Þorbjörnsson)
Then could you tell me what the issue is really is ?
 [2008-01-21 20:28 UTC] dufuz (Helgi Þormar Þorbjörnsson)
cvs up, now I'm just running escapeSimple on the query, which does call the escape mysql function so it should be identical.
 [2008-01-21 21:27 UTC] wiesemann (Mark Wiesemann)
Okay, after fixing a new bug introduced by the fix of bug #11998, it works now.