• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Bug [or oversight] in Query.php -> compileBinds()

#1
So, I've been having a problem for the past few days and finally decided to dig into the CI4 code to verify that it wasn't me. My SQL statement works fine in MySQL but fails with a "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?)'". So after a day or two ruling out me being stupid, I dug into the code and found ci4.04->system->Database->Query.php->compilebinds makes an assumption on how to determine if a query contains named binds or not. It falsely assumed that my statement did contain named binds then failed to bind at all.

Line 371 states
$hasNamedBinds = strpos($sql, ':') !== false && strpos($sql, ':=') === false;

However, there are many legitimate uses of : in a query, especially in formatting times. so my query below fails to bind unless I remove the first strpos from line 371

Select concat(date_format(MyTime,'%H:%i'), ' - ', concat(firstName,' ',lastName)) from table.

I've fixed my install for now but is it possible to remove strpos($sql, ':') !== false in future builds or will that have repercussions elsewhere? Or maybe you could just check the where clause of a SQL statement by using the strpos offset parameter?

strpos($sql, ':',[b]strpos($sql, 'where')) !== false[/b]
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.