CodeIgniter Forums

Full Version: Escaping broke query
hey, right after the escaping update, some queries and models don't work anymore.

1. problem : first query after session is loaded ( DatabaseHandler )

PHP Code:
Services::session()->start();
Database::connect()->query('SELECT A FROM B WHERE C=?', [ '2' ]);

2. problem : model stores escaping info twice
PHP Code:
class ExampleEntity extends Entity
{
    protected $id;
    protected $timestamp;
}
class ExampleModel extends Model
{
    protected $table      = 'sessions';
    protected $primaryKey = 'id';
    protected $returnType = '\App\Models\ExampleEntity';
}

$Model  = new ExampleModel();
$Entity = $Model->find( '0' );
$New    = $Entity === null;
if( $New ) $Entity = new ExampleEntity( ['id' => '0' ] );
Database::connect()->setEscapeFlags( true );
$Entity->timestamp = 0;
if( $New ) $Model->protect(false)->insert( $Entity, false );
else $Model->protect(false)->update( '0', $Entity );

insert & update throw exception

-> my current workaround is to disable escaping at all ( before & after every query )
-> but can't use it in production without escaping -> need to wait for fix
The first one works just fine for me in a real-world situation. I have a simple table with columns id, and name. The following queries all work for me:

Code:
$db = db_connect();
session(); // Automatically starts the session, but also ran with session()->start();

$db->query("select * from users where id = ? ", ['1']);
$db->query("select * from users where id = ? ", [1]);
$db->query("select * from users where name = ? ", ['Fred']);

The second example is impossible to duplicate without knowing your table structure, but as the first one works just fine, I'd suggest triple-checking your code and the queries that are getting generated.
Maybe because he is using single quotes (').
(01-30-2019, 07:17 AM)kilishan Wrote: The first one works just fine for me in a real-world situation. I have a simple table with columns id, and name. The following queries all work for me:

Code:
$db = db_connect();
session(); // Automatically starts the session, but also ran with session()->start();

$db->query("select * from users where id = ? ", ['1']);
$db->query("select * from users where id = ? ", [1]);
$db->query("select * from users where name = ? ", ['Fred']);

The second example is impossible to duplicate without knowing your table structure, but as the first one works just fine, I'd suggest triple-checking your code and the queries that are getting generated.

tested again on a fresh/clean install, but your queries don't work ( except the last one, because the string is used as array )
here test yourself : https://drive.google.com/open?id=1Ghmzla...dMZ2Im-MRC
1. update database config ( used test/test )
2. create the session table in your database
3. open http://localhost/clean/public

@InsiteFX it makes no difference
Looks like I forgot to set the session to use Database in my previous tests. Pulled down a clean install, set it up identically to what I did before but using the Database session handler, and was able to recreate the bug.

I don't have time to look into it tonight, but will look at it soon.
thx :)
"BaseBuilder should only turn off Connection's setEscapeFlags when run… "[36fbb8ee55ce6111f5e4fce0cf9fee09237f245d]

seems to partly fix the model problem - my provided example code runs fine with this fix, but our main application still throws an exception after model calls

Callstack
"Another try at getting escaping working correctly both when in and out of models. #1705"[549d7d2a3f8cafc4007614c7f923a3e0ed834b58]

fixed both problems - thanks