[puschie]

hey, right after the escaping update, some queries and models dont work anymore.

1. problem : first query after session is loaded ( DatabaseHandler )

PHP Code:

Services::session()->start();
Database::connect()->query( 'SELECT A FROM B WHERE C=?', [ '2' ] ); 


2. problem : model stores escaping info twice

PHP Code:

class ExampleEntity extends Entity
{
    protected $id;
    protected $timestamp;
}
class ExampleModel extends Model
{
    protected $table         = 'sessions';
    protected $primaryKey        = 'id';
    protected $returnType        = '\App\Models\ExampleEntity';
}

$Model =  new ExampleModel();
$Entity = $Model->find( '0' );
$New = $Entity === null;
if( $New ) $Entity = new ExampleEntity( ['id' => '0' ] );
Database::connect()->setEscapeFlags( true );
$Entity->timestamp = 0;
if( $New ) $Model->protect(false)->insert( $Entity, false );
else $Model->protect(false)->update( '0', $Entity ); 


insert & update throw exception

-> my current workaround is to disable escaping at all ( before & after every query )
-> but cant use it in production without escaping -> need to wait for fix

[kilishan]

The first one works just fine for me in a real-world situation. I have a simple table with columns id, and name. The following queries all work for me:

Code:

$db = db_connect();
session(); // Automatically starts the session, but also ran with session()->start();

$db->query("select * from users where id = ? ", ['1']);
$db->query("select * from users where id = ? ", [1]);
$db->query("select * from users where name = ? ", ['Fred']);

The second example is impossible to duplicate without knowing your table structure, but as the first one works just fine, I'd suggest triple-checking your code and the queries that are getting generated.

[InsiteFX]

Maybe because he is using single quotes (').

[puschie]

(01-30-2019, 08:17 AM)kilishan Wrote: The first one works just fine for me in a real-world situation. I have a simple table with columns id, and name. The following queries all work for me:

Code:

$db = db_connect();
session(); // Automatically starts the session, but also ran with session()->start();

$db->query("select * from users where id = ? ", ['1']);
$db->query("select * from users where id = ? ", [1]);
$db->query("select * from users where name = ? ", ['Fred']);

The second example is impossible to duplicate without knowing your table structure, but as the first one works just fine, I'd suggest triple-checking your code and the queries that are getting generated.

test again on fresh/clean install, but your queries doesnt work ( except the last one, because the string is used as array )
here test yourself : https://drive.google.com/open?id=1Ghmzla...dMZ2Im-MRC
1. update database config ( used test/test )
2. create the session table in your database
3. open http://localhost/clean/public

@InsiteFX it makes no different

[kilishan]

Looks like I forgot to set the session to use Database in my previous tests. Pulled down a clean install set it up identical to what I did before but using the Database session handler and was able to recreate the bug.

I don't have time to look into it tonight, but will look at it soon.

[puschie]

thx

[puschie]

"BaseBuilder should only turn off Connection's setEscapeFlags when run… "[36fbb8ee55ce6111f5e4fce0cf9fee09237f245d]

seems to partly-fix the model problem - my provided example code runs fine with this fix, but our main application still throw exception after model calls

Callstack

[puschie]

"Another try at getting escaping working correctly both when in and out of models. #1705"[549d7d2a3f8cafc4007614c7f923a3e0ed834b58]

fixed both problems - thanks