Labels Milestones

New Issue

Bad interactions with PostgreSQL query munging and embedded values #175

Closed

opened 5 years ago by jking · 0 comments

jking commented 5 years ago

Owner

Natively PostgreSQL uses e.g. $1 as a parameter marker instead of ?. PDO handles this conversion, but for the native driver we've had to change the markers ourselves.

When this was originally implemented it was assumed all values would be placed in parameters and thus any ? characters would be parameter markers and a simple string replacement could be used. Since then, strings are sometimes embedded to ease pressure on the limited number of parameter markers themselves; strings literals containing ? might therefore now appear in queries, breaking things spectacularly.

Indeed, this part of query construction is poorly tested, so more tests are required. The simplest solution is probably to never embed any string which contains a question mark.

Natively PostgreSQL uses e.g. `$1` as a parameter marker instead of `?`. PDO handles this conversion, but for the native driver we've had to change the markers ourselves. When this was originally implemented it was assumed all values would be placed in parameters and thus any `?` characters would be parameter markers and a simple string replacement could be used. Since then, strings are sometimes embedded to ease pressure on the limited number of parameter markers themselves; strings literals containing `?` might therefore now appear in queries, breaking things spectacularly. Indeed, this part of query construction is poorly tested, so more tests are required. The simplest solution is probably to never embed any string which contains a question mark.

jking added this to the Future milestone 5 years ago

jking self-assigned this 5 years ago

jking added the

bug

label 5 years ago

jking closed this issue 5 years ago

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

arch

arch2

dbtest

getopt

master

microsub

phake

reader

redup

rpm

0.1.0

0.1.1

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.10.5

0.2.0

0.2.1

0.3.0

0.3.1

0.4.0

0.5.0

0.5.1

0.6.0

0.6.1

0.7.0

0.7.1

0.8.0

0.8.1

0.8.2

0.8.3

0.8.4

0.8.5

0.9.0

0.9.1

0.9.2

Labels

Apply labels

Clear labels

admin tools api bug documentation duplicate enhancement feature help wanted in progress internals invalid packaging question testing trivial wontfix

No Label admin tools api bug documentation duplicate enhancement feature help wanted in progress internals invalid packaging question testing trivial wontfix

Milestone

Set milestone

Clear milestone

No items

No Milestone

Future

Assignees

Assign users

Clear assignees

No Assignees

jking

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Write Preview

Loading…

Cancel

Save

There is no content yet.