Escaping broke query

hey, right after the escaping update, some queries and models dont work anymore.

1. problem : first query after session is loaded ( DatabaseHandler )

PHP Code:

Services::session()->start();
Database::connect()->query( 'SELECT A FROM B WHERE C=?', [ '2' ] ); 


2. problem : model stores escaping info twice

PHP Code:

class ExampleEntity extends Entity
{
    protected $id;
    protected $timestamp;
}
class ExampleModel extends Model
{
    protected $table         = 'sessions';
    protected $primaryKey        = 'id';
    protected $returnType        = '\App\Models\ExampleEntity';
}

$Model =  new ExampleModel();
$Entity = $Model->find( '0' );
$New = $Entity === null;
if( $New ) $Entity = new ExampleEntity( ['id' => '0' ] );
Database::connect()->setEscapeFlags( true );
$Entity->timestamp = 0;
if( $New ) $Model->protect(false)->insert( $Entity, false );
else $Model->protect(false)->update( '0', $Entity ); 


insert & update throw exception

-> my current workaround is to disable escaping at all ( before & after every query )
-> but cant use it in production without escaping -> need to wait for fix

The first one works just fine for me in a real-world situation. I have a simple table with columns id, and name. The following queries all work for me:

Code:

$db = db_connect();
session(); // Automatically starts the session, but also ran with session()->start();

$db->query("select * from users where id = ? ", ['1']);
$db->query("select * from users where id = ? ", [1]);
$db->query("select * from users where name = ? ", ['Fred']);

The second example is impossible to duplicate without knowing your table structure, but as the first one works just fine, I'd suggest triple-checking your code and the queries that are getting generated.

Support Development •  CodeIgniter 4 Foundations • Practical CodeIgniter 3  • CodeIgniter Tutorials

Maybe because he is using single quotes (').

What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )

The first one works just fine for me in a real-world situation. I have a simple table with columns id, and name. The following queries all work for me:

Code:

$db = db_connect();
session(); // Automatically starts the session, but also ran with session()->start();

$db->query("select * from users where id = ? ", ['1']);
$db->query("select * from users where id = ? ", [1]);
$db->query("select * from users where name = ? ", ['Fred']);

The second example is impossible to duplicate without knowing your table structure, but as the first one works just fine, I'd suggest triple-checking your code and the queries that are getting generated.

test again on fresh/clean install, but your queries doesnt work ( except the last one, because the string is used as array )
here test yourself : https://drive.google.com/open?id=1Ghmzla...dMZ2Im-MRC
1. update database config ( used test/test )
2. create the session table in your database
3. open http://localhost/clean/public

@InsiteFX it makes no different

Looks like I forgot to set the session to use Database in my previous tests. Pulled down a clean install set it up identical to what I did before but using the Database session handler and was able to recreate the bug.

I don't have time to look into it tonight, but will look at it soon.

Support Development •  CodeIgniter 4 Foundations • Practical CodeIgniter 3  • CodeIgniter Tutorials

thx

"BaseBuilder should only turn off Connection's setEscapeFlags when run… "[36fbb8ee55ce6111f5e4fce0cf9fee09237f245d]

seems to partly-fix the model problem - my provided example code runs fine with this fix, but our main application still throw exception after model calls

Callstack

"Another try at getting escaping working correctly both when in and out of models. #1705"[549d7d2a3f8cafc4007614c7f923a3e0ed834b58]

fixed both problems - thanks