mahara-contributors team mailing list archive

Thread
Date

[Bug 1403707] Re: get_field_sql is not handling reserved words correctly

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Aaron Wells <1403707@xxxxxxxxxxxxxxxxxx>
Date: Thu, 18 Dec 2014 03:15:17 -0000
Reply-to: Bug 1403707 <1403707@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a duplicate of bug 1402911 ***
    https://bugs.launchpad.net/bugs/1402911

Hi Robert,

The particular error here is covered under Bug 1402911.

When I looked into it, I considered making get_field_sql() escape the
column name. But then when I looked through the code base I found
several places where get_field_sql() is used with a field that is an SQL
expression like "count(*)" or "max(id)", in which case the resulting SQL
code would break if we field-escaped it.

I think the real underlying problem (which it would unfortunately be
infeasible to fix at this point) is that we have columns whose names are
reserved words. And for now we'll just have to use the workaround of
putting quotes around the column name in the call to get_field_sql()

Cheers,
Aaron

** This bug has been marked a duplicate of bug 1402911
   Error posting a new forum topic

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1403707

Title:
  get_field_sql is not handling reserved words correctly

Status in Mahara ePortfolio:
  Confirmed

Bug description:
  Normally when we deal with a table column that contains a reserved
  word we quote it - but get_field_sql is not quoting the fields it
  wants to select .

  So if we want a field called 'group' it fails

  
  [WAR] 0d (lib/errors.php:745) Failed to get a recordset: postgres8 error: [-2: ERROR:  syntax error at or near "group"
  LINE 1: SELECT group FROM "interaction_instance"  WHERE "id" =  $1
                ^] in EXECUTE("SELECT group FROM "interaction_instance"  WHERE "id" = ? ")
  Command was: SELECT group FROM "interaction_instance"  WHERE "id" = ?  and values was (1)
  Call stack (most recent first):

      log_message("Failed to get a recordset: postgres8 error: [-2: E...", 8, true, true) at /var/www/html/maharalatest/htdocs/lib/errors.php:95
      log_warn("Failed to get a recordset: postgres8 error: [-2: E...") at /var/www/html/maharalatest/htdocs/lib/errors.php:745
      SQLException->__construct("Failed to get a recordset: postgres8 error: [-2: E...") at /var/www/html/maharalatest/htdocs/lib/dml.php:477
      get_recordset_sql("SELECT group FROM "interaction_instance" WHERE "i...", array(size 1)) at /var/www/html/maharalatest/htdocs/lib/dml.php:788
      get_field_sql("SELECT group FROM "interaction_instance" WHERE "i...", array(size 1)) at /var/www/html/maharalatest/htdocs/lib/dml.php:776
      get_field("interaction_instance", "group", "id", 1) at /var/www/html/maharalatest/htdocs/interaction/forum/edittopic.php:198
      addtopic_submit(object(Pieform), array(size 9)) at Unknown:0

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1403707/+subscriptions

References

[Bug 1403707] [NEW] get_field_sql is not handling reserved words correctly
From: Robert Lyon, 2014-12-18