
Bug #9442 Quotes aren't being escaped using autoExecute
Submitted: 2006-11-24 14:13 UTC
From: matthijs at 1key dot nl Assigned: davidc
Status: Closed Package: MDB2_Driver_mssql (version 2.3.0)
PHP Version: 5.1.6 OS: Windows Server 2003
Roadmaps: (Not assigned)    


 [2006-11-24 14:13 UTC] matthijs at 1key dot nl (Matthijs Olislagers)
Description:
------------
Software I'm using:
-Windows Server 2003 R2 Enterprise
-Apache
-Microsoft SQL Server 2005
-PHP 5.16
-PEAR 1.4.11
-MDB2 2.3.0
-MDB2_Driver_mssql 1.1.0

Installed pecl extensions:
-php_mssql.dll
-php_ldap.dll
-php_gd2.dll

Changes made to PHP.INI:
-mssql.textlimit = 2147483647
-mssql.textsize = 2147483647

----

In the previous version of MDB2 (2.2.2) there was no problem inserting strings containing single quotes ('). In the new version I get an error while inserting single quotes. I tried to use the escape and quote function but it had no use. In the previous version I didn't escape the string at all. I just used autoExecute without escaping my string and that worked fine.

Test script:
---------------
$i_ResultId = 1;
$s_TextValue = "This doesn't work";
$s_TableName = 'CIS_TextResult';
$a_FieldsValues = array(
    'resultId' => $i_ResultId,
    'text' => $s_TextValue);
$a_Types = array('integer', 'text');
$s_Where = 'resultId = '.$i_ResultId;

$this->o_DatabaseController->loadModule('Extended');
$r_Result = $this->o_DatabaseController->extended->autoExecute($s_TableName, $a_FieldsValues, MDB2_AUTOQUERY_UPDATE, $s_Where, $a_Types);

if (PEAR::isError($r_Result))
    throw new Exception ($r_Result->userinfo);

Expected result:
----------------
My row is successfully updated...

Actual result:
--------------
[24-nov-2006 14:31:33] PHP Fatal error: Uncaught exception 'Exception' with message '[Error message: _doQuery: Could not execute statement] [Last executed query: INSERT INTO CIS_TextResult (resultId, text) VALUES (13, 'This doesn't work')] [Native code: 105] [Native message: Unclosed quotation mark after the character string ')'.]
' in D:\websites\jbc.nl\core\cis\CISController.php:577
Stack trace:
#0 D:\websites\jbc.nl\core\cis\CISController.php(393): CISController->setTextResult(13, 'This doesn't wo...')
#1 D:\websites\jbc.nl\core\MainController.php(73): CISController->saveCISItem()
#2 D:\websites\jbc.nl\core\MainController.php(22): MainController->run()
#3 D:\websites\jbc.nl\index.php(3): MainController->__construct()
#4 {main}
thrown in D:\websites\jbc.nl\core\cis\CISController.php on line 577

Comments

 [2006-11-25 12:41 UTC] quipo (Lorenzo Alberton)
Do you experience the same issue if you use the standard prepare() and execute() methods?
http://pear.php.net/manual/en/package.database.mdb2.intro-execute.php
I tried your code with another DBMS (I don't have mssql server) and it ran fine, maybe it's a bug in the mssql driver?
 [2006-11-27 11:19 UTC] matthijs at 1key dot nl
I don't think it's a bug in the driver since it worked fine in the previous MDB2 version and I didn't update the driver. I'm using autoExecute in very many places in my code so I would really like to keep using it. I tried to use prepare() and execute(); that also didn't work. It looks like the new MDB2 doesn't escape text at all.
 [2006-12-05 11:27 UTC] quipo (Lorenzo Alberton)
I believe it's due to some changes to the main class that weren't reflected in the driver, which needs a fix and a new release to get in sync with the rest of the package. I'm changing it to a MDB2_Driver_mssql bug, feel free to change it back to MDB2 if I'm wrong.
 [2006-12-25 19:15 UTC] lsmith (Lukas Smith)
Yeah, try to install from CVS. Someone needs to make a new release for the mssql driver. For now I suggest you downgrade to a previous MDB2 core package. The 2.1.0 release should certainly be in sync.
 [2007-01-03 14:37 UTC] davidc (David Coallier)
Matthijs, could you please let me know if you still have that problem, as I don't get the problem with the latest CVS. If the problem is fixed with the CVS version, I'll make a release very shortly (within the next few days). Thanks
 [2007-01-05 17:52 UTC] davidc (David Coallier)
Could you please try upgrading to this package?
http://dev.agoraproduction.com/mdb2/MDB2_Driver_mssql-1.1.1.tgz
If it works I'll make an official release. Thanks
 [2007-01-10 13:44 UTC] matthijs at 1key dot nl
Hi David, Sorry for responding this late. I didn't notice your message; it was being kept in my junk mailbox. I tried to update the mdb2 driver and mdb2 itself but it doesn't work. After updating, every page on my website is blank. The error log doesn't show any errors. What can I do to give you more information?
 [2007-01-11 01:41 UTC] davidc (David Coallier)
That is my fault, can you please do
pear upgrade MDB2_Driver_mssql-1.1.2
Then we'll see if it works. Your connection and pages should come back now :-) Sorry and thanks
 [2007-01-16 03:04 UTC] davidc (David Coallier)
So do you have an update on this problem? Did upgrading to the latest version fix it? Let me know. Thanks, David
 [2007-01-18 13:02 UTC] matthijs at 1key dot nl
It works! Thanks!
 [2007-01-18 14:36 UTC] davidc (David Coallier)
Thank you for your bug report. This issue has been fixed in the latest released version of the package, which you can download at http://pear.php.net/get/MDB2_Driver_mssql
They were out of sync indeed.
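
A post-upgrade regression check for the failure reported in this bug, added here as an example and not code from MDB2 or from anyone in this thread. It assumes an in-memory SQLite database as a stand-in for SQL Server (both double a single quote inside a string literal), reuses the table and column names from the test script, and the helper names and sample values other than the reported string are constructed. It compares pasting the value in raw, quoting it as a literal, and binding it as a parameter.

```python
import sqlite3

# Constructed samples; the first is the string from the bug report.
SAMPLES = ["This doesn't work", "''", "a'b'c", "no quotes", "trailing'"]

def quote_text(value):
    """Render a string as a SQL literal by doubling each single quote."""
    return "'" + value.replace("'", "''") + "'"

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE CIS_TextResult (resultId INTEGER PRIMARY KEY, text TEXT)")
    db.execute("INSERT INTO CIS_TextResult (resultId, text) VALUES (1, '')")
    return db

def update_raw(db, value):
    # The shape of the statement in the error log: value pasted in unescaped.
    db.execute("UPDATE CIS_TextResult SET text = '" + value + "' WHERE resultId = 1")

def update_quoted(db, value):
    # What a working quoting layer is expected to emit.
    db.execute("UPDATE CIS_TextResult SET text = " + quote_text(value) + " WHERE resultId = 1")

def update_bound(db, value):
    # Bound parameter: the value never becomes part of the SQL text.
    db.execute("UPDATE CIS_TextResult SET text = ? WHERE resultId = 1", (value,))

def stored(db):
    return db.execute("SELECT text FROM CIS_TextResult WHERE resultId = 1").fetchone()[0]

def round_trip_report():
    """Per sample and strategy: True only if the exact value was stored."""
    strategies = (("raw", update_raw), ("quoted", update_quoted), ("bound", update_bound))
    report = {}
    for value in SAMPLES:
        row = {}
        for name, update in strategies:
            db = open_db()
            try:
                update(db, value)
                row[name] = stored(db) == value
            except sqlite3.Error:
                row[name] = False  # statement rejected, as in the report
            finally:
                db.close()
        report[value] = row
    return report

if __name__ == "__main__":
    for value, row in round_trip_report().items():
        print(repr(value), row)
```

The raw strategy does not always fail loudly: the sample consisting of two quote characters is accepted and stored as a single quote, so a round-trip comparison catches what an error log alone would miss.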