Escaping broke query

#1
hey, right after the escaping update, some queries and models don't work anymore.

1. problem : first query after session is loaded ( DatabaseHandler )

PHP Code:
Services::session()->start();
Database::connect()->query( 'SELECT A FROM B WHERE C=?', [ '2' ] );

2. problem : model stores escaping info twice
PHP Code:
class ExampleEntity extends Entity
{
    protected $id;
    protected $timestamp;
}
class ExampleModel extends Model
{
    protected $table      = 'sessions';
    protected $primaryKey = 'id';
    protected $returnType = '\App\Models\ExampleEntity';
}

$Model  = new ExampleModel();
$Entity = $Model->find( '0' );
$New    = $Entity === null;
// create the entity if no row with id 0 exists yet
if( $New ) $Entity = new ExampleEntity( ['id' => '0' ] );
Database::connect()->setEscapeFlags( true );
$Entity->timestamp = 0;
// insert a new row or update the existing one
if( $New ) $Model->protect(false)->insert( $Entity, false );
else $Model->protect(false)->update( '0', $Entity );

insert & update throw exception

-> my current workaround is to disable escaping at all ( before & after every query )
-> but can't use it in production without escaping -> need to wait for fix

#2
The first one works just fine for me in a real-world situation. I have a simple table with columns id, and name. The following queries all work for me:

Code:
$db = db_connect();
session(); // Automatically starts the session, but also ran with session()->start();

$db->query("select * from users where id = ? ", ['1']);
$db->query("select * from users where id = ? ", [1]);
$db->query("select * from users where name = ? ", ['Fred']);

The second example is impossible to duplicate without knowing your table structure, but as the first one works just fine, I'd suggest triple-checking your code and the queries that are getting generated.

#3
Maybe because he is using single quotes (').
What did you Try? What did you Get? What did you Expect?


#4
(01-30-2019, 07:17 AM)kilishan Wrote: The first one works just fine for me in a real-world situation. I have a simple table with columns id, and name. The following queries all work for me:

Code:
$db = db_connect();
session(); // Automatically starts the session, but also ran with session()->start();

$db->query("select * from users where id = ? ", ['1']);
$db->query("select * from users where id = ? ", [1]);
$db->query("select * from users where name = ? ", ['Fred']);

The second example is impossible to duplicate without knowing your table structure, but as the first one works just fine, I'd suggest triple-checking your code and the queries that are getting generated.

tested again on a fresh/clean install, but your queries don't work ( except the last one, because the string is used as array )
here test yourself : https://drive.google.com/open?id=1Ghmzla...dMZ2Im-MRC
1. update database config ( used test/test )
2. create the session table in your database
3. open http://localhost/clean/public

@InsiteFX it makes no difference

#5
Looks like I forgot to set the session to use Database in my previous tests. Pulled down a clean install, set it up identical to what I did before but using the Database session handler, and was able to recreate the bug.

I don't have time to look into it tonight, but will look at it soon.

#6
thx :)

#7
"BaseBuilder should only turn off Connection's setEscapeFlags when run… "[36fbb8ee55ce6111f5e4fce0cf9fee09237f245d]

seems to partly fix the model problem - my provided example code runs fine with this fix, but our main application still throws an exception after model calls

Callstack

#8
"Another try at getting escaping working correctly both when in and out of models. #1705"[549d7d2a3f8cafc4007614c7f923a3e0ed834b58]

fixed both problems - thanks