anewt-developers team mailing list archive

Thread
Date

[Bug 502916] Re: AutoRecord crash when handling values like "boo ?bah? baa"

To: anewt-developers@xxxxxxxxxxxxxxxxxxx
From: "Wouter Bolsterlee \(uws\)" <uws+launchpad@xxxxxxxxx>
Date: Tue, 05 Jan 2010 20:07:19 -0000
Reply-to: Bug 502916 <502916@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This illustrates the issue:

+               $result = Person::db_find_one_by_sql(
+                       array('where' => 'name = ?str?'),
+                       array('this won\'t result in ?any? matches?int? I think :)')
+               );
+               $this->assertNull($result);


... and the fix is to use $connection->prepare...('?raw?', $fully_escaped_sql_query):

+                * The generated SQL query may contain placeholders (e.g. the string
+                * '?int?' could be somewhere in a value), but those must not be parsed
+                * by AnewtDatabaseSQLTemplate. Since the generated SQL is already fully
+                * escaped, it is passed as a single value for a ?raw? query. See
+                * bug:502916 for more information.


** Summary changed:

- AutoRecord crash when handling values like "boo ?bah? baa"
+ AutoRecord incorrectly tries to escape values containing SQL template placeholders

-- 
AutoRecord incorrectly tries to escape values containing SQL template placeholders
https://bugs.launchpad.net/bugs/502916
You received this bug notification because you are a member of Anewt
developers, which is subscribed to Anewt.

References

[Bug 502916] [NEW] AutoRecord crash when handling values like "boo ?bah? baa"
From: Erik Hensema, 2010-01-04