Skip to content

Fix DB $binds property pollution issues#7

Open
kzap wants to merge 11 commits intoEden-PHP:v3from
examinecom:v1
Open

Fix DB $binds property pollution issues#7
kzap wants to merge 11 commits intoEden-PHP:v3from
examinecom:v1

Conversation

@kzap
Copy link
Copy Markdown
Contributor

@kzap kzap commented Jan 12, 2016
edited
Loading

fixes for eden v3, you still have to keep a branch for v1 or v3 or whatever was pre v4 so commits and updates can still be submitted for the old eden...

riamaria and others added 9 commits November 12, 2013 15:32
@riamaria
Wrapped table name to support reserved keywords as table names.
19bec10
@riamaria
Removed wrapping of table name to avoid issues with non MySQL databases.
b9967f5
add before and after events
3b7d140
Merge branch 'master' of https://github.com/Eden-PHP/Sql
7388e20
singleton to multiple
fa2399c
@kzap
- binding using is_numeric make it not use quotes around values which…
3918811 
… SQL may consider non-numeric like hex, notation and such. Only INT and digits are safe, floats are not either. May be best to just remove this check all together
@kzap
- allow filterBy to come out to field IN ('value','value2','value3'…
21868e7 
…) instead of just `field` = ('value','value2','value3')
Merge pull request Eden-PHP#1 from kzap/master
22ce4e8 
thanks @kzap merging
@kzap
better error reporting when query fails
4dc6466
@kzap
Copy link
Copy Markdown
Contributor Author

kzap commented Jan 15, 2016

can create a v3 branch and merge there

kzap added 2 commits May 19, 2017 13:48
@kzap
Everytime you start a query you should clear the $binds object or els…
25191a6 
…e it will be polluted the next time the database object is reused in the same script

- created a clearBinds() method
- also clearBinds() if the query fails
- dont use $this->binds = array(), use clearBinds() method
@kzap
Clear database binds before building a query or else
37db2bc 
- Calling search()->getQuery() multiple times will now return the same result because we clear binds!
@kzap kzap changed the title better error reporting when query fails Fix DB $binds property pollution issues May 19, 2017
@kzap
Copy link
Copy Markdown
Contributor Author

kzap commented May 19, 2017
edited
Loading

Pls create a v1 branch and merge this into it

$binds on the database object gets re-used across all database queries since its normal not to instantiate the database object per query.

The only place $binds is cleared is if query() succeeds, but at any point before that it can fail and if you catch the exception and run the query again using the same database object, your $binds will be polluted with the values from the last query.

So what I did was cleared out the $binds property anywhere it was used before we start binding values, that way its always clean, and if an exception occurs, we clear it also.

v4 branch will need this also probably

@cblanquera
Copy link
Copy Markdown

cblanquera commented May 19, 2017

This is eden v1 https://github.com/openovate/eden

@kzap kzap changed the base branch from master to v3 May 19, 2017 08:07
@kzap
Copy link
Copy Markdown
Contributor Author

kzap commented May 19, 2017

has extra commits because v3 should be up to 22ce4e8
then it became v4

@kzap
Copy link
Copy Markdown
Contributor Author

kzap commented May 19, 2017
edited
Loading

ok this is for v3 branch then, updated PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kzap @cblanquera @riamaria