Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 2.5.0b5
Bug #17039 _skipDelimitedStrings getting confused by escaped quotes
Submitted: 2010-01-27 23:30 UTC
From: sircus Assigned: quipo
Status: Closed Package: MDB2 (version CVS)
PHP Version: 5.2.5 OS: Debian Sid
Roadmaps: (Not assigned)    
Subscription  


Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem : 38 + 33 = ?

 
 [2010-01-27 23:30 UTC] sircus (Jon Bright)
Description: ------------ Using prepare() on a query such as UPDATE user SET User='a\'b:+c' results in the whole of the string after 'b' being replaced by a single question mark. The problem is that the MySQL driver's value for $string_quoting is an array. The building of $ignores at the start of _skipDelimitedStrings results in array ( 'start' => '\'', 'end' => '\'', 'escape' => '\\', 'escape_pattern' => '\\', 0 => array ( 'start' => '`', 'end' => '`', 'escape' => '`', ), ... ) foreach ($ignores as $ignore) then gets '\'' as its first value for $ignore. This results in $ignore['escape'] being '\''. This results in prepare only skipping as far as the first apostrophe, because it's treated as unescaped. This results in modifyQuery() treating the colon as a placeholder. The + then seems to result in the remainder of the string being truncated. Test script: --------------- require_once 'MDB2.php'; $dsn='mysql://user:password@localhost/mysql'; $dbh = MDB2::connect($dsn, $db_options); if (MDB2::isError($dbh)) die($dbh->getMessage()); $q = $dbh->prepare("UPDATE user SET User='a\'b:+c'", null, MDB2_PREPARE_MANIP); if ($dbh->isError($q)) die($q->userinfo); echo("Test passed"); Expected result: ---------------- I expect the text "Test passed" Actual result: -------------- _doQuery: [Error message: Could not execute statement] [Last executed query: PREPARE mdb2_statement_mysql_1c2b48e2af2a575aff97b07a6b431d346f59b551e FROM 'UPDATE user SET User=\'a\\\'b?'] [Native code: 1064] [Native message: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''a\'b?' at line 1]

Comments

 [2010-01-27 23:58 UTC] sircus (Jon Bright)
Added patch skip_delimited_strings_fix_quoting_array.
 [2010-01-27 23:59 UTC] sircus (Jon Bright)
The attached patch fixes the problem for me.
 [2010-01-28 00:49 UTC] sircus (Jon Bright)
This bug should probably be marked as a duplicate of 16973.
 [2010-01-31 22:25 UTC] quipo (Lorenzo Alberton)
-Status: Open +Status: Closed -Assigned To: +Assigned To: quipo
This bug has been fixed in SVN. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.