CodeIgniter Forums
Escaping broke query - Printable Version




Escaping broke query - puschie - 01-30-2019

Hey, right after the escaping update, some queries and models don't work anymore.

1. problem : first query after session is loaded ( DatabaseHandler )

PHP Code:
Services::session()->start();
Database::connect()->query( 'SELECT A FROM B WHERE C=?', [ '2' ] );

2. problem : model stores escaping info twice
PHP Code:
class ExampleEntity extends Entity
{
    protected $id;
    protected $timestamp;
}

class ExampleModel extends Model
{
    protected $table      = 'sessions';
    protected $primaryKey = 'id';
    protected $returnType = '\App\Models\ExampleEntity';
}

$Model  = new ExampleModel();
$Entity = $Model->find( '0' );
$New    = $Entity === null;
if( $New ) $Entity = new ExampleEntity( ['id' => '0' ] );
Database::connect()->setEscapeFlags( true );
$Entity->timestamp = 0;
if( $New ) $Model->protect(false)->insert( $Entity, false );
else $Model->protect(false)->update( '0', $Entity );

insert & update throw an exception

-> my current workaround is to disable escaping entirely ( before & after every query )
-> but can't use it in production without escaping -> need to wait for a fix


RE: Escaping broke query - kilishan - 01-30-2019

The first one works just fine for me in a real-world situation. I have a simple table with columns id, and name. The following queries all work for me:

Code:
$db = db_connect();
session(); // Automatically starts the session, but also ran with session()->start();

$db->query("select * from users where id = ? ", ['1']);
$db->query("select * from users where id = ? ", [1]);
$db->query("select * from users where name = ? ", ['Fred']);

The second example is impossible to duplicate without knowing your table structure, but as the first one works just fine, I'd suggest triple-checking your code and the queries that are getting generated.


RE: Escaping broke query - InsiteFX - 01-30-2019

Maybe because he is using single quotes (').


RE: Escaping broke query - puschie - 01-31-2019

(01-30-2019, 08:17 AM)kilishan Wrote: The first one works just fine for me in a real-world situation. I have a simple table with columns id, and name. The following queries all work for me:

Code:
$db = db_connect();
session(); // Automatically starts the session, but also ran with session()->start();

$db->query("select * from users where id = ? ", ['1']);
$db->query("select * from users where id = ? ", [1]);
$db->query("select * from users where name = ? ", ['Fred']);

The second example is impossible to duplicate without knowing your table structure, but as the first one works just fine, I'd suggest triple-checking your code and the queries that are getting generated.

Tested again on a fresh/clean install, but your queries don't work ( except the last one, because the string is used as array )
here test yourself : https://drive.google.com/open?id=1GhmzladEJ7vmXgpUF1uom_dMZ2Im-MRC
1. update database config ( used test/test )
2. create the session table in your database
3. open http://localhost/clean/public

@InsiteFX it makes no difference


RE: Escaping broke query - kilishan - 01-31-2019

Looks like I forgot to set the session to use Database in my previous tests. Pulled down a clean install, set it up identical to what I did before but using the Database session handler, and was able to recreate the bug.

I don't have time to look into it tonight, but will look at it soon.


RE: Escaping broke query - puschie - 02-01-2019

thx :)


RE: Escaping broke query - puschie - 02-11-2019

"BaseBuilder should only turn off Connection's setEscapeFlags when run… "[36fbb8ee55ce6111f5e4fce0cf9fee09237f245d]

seems to partly fix the model problem - my provided example code runs fine with this fix, but our main application still throws an exception after model calls

Callstack


RE: Escaping broke query - puschie - 02-14-2019

"Another try at getting escaping working correctly both when in and out of models. #1705"[549d7d2a3f8cafc4007614c7f923a3e0ed834b58]

fixed both problems - thanks