Issues

ZF-11523: Bound variables lost when passing query to database adapter in Zend_Auth_Adapter_DbTable

Description

Hi,

I have overridden Zend_Auth_Adapter_DbTable for customization purpose. I also overridden Zend_Db_Select to provide bindings/parameterized queries also with 'where' conditions.

Because of the $dbSelect->__toString() (in Zend/Auth/Adapter/DbTable.php@480), my object is not called! So I have to rewrite _authenticateQuerySelect() method just to remove this strange usage.

I propose this patch:


480c480
<             $resultIdentities = $this->_zendDb->fetchAll($dbSelect->__toString());
---
>             $resultIdentities = $this->_zendDb->fetchAll($dbSelect);

Hope this so simple path will be approved.

Thx a lot for your work on this good framework (it really helps me!), Wilfried

Comments

The issue at hand is that the user's superclass of {{Zend_Db_Select}} binds variables to the query, but these bindings are lost because {{Zend_Auth_Adapter_DbTable}} is cast to a string before being passed to the database adapter. Passing the {{Zend_Db_Select}} object directly rather than just the SQL string allows {{Zend_Db_Adapter::query}} to pull the bound variables and use them to execute the statement.

Fixed in trunk r24184 Merged to release-1.11 in r24185

Thx a lot for your quick support, it's a pleasure to help for the ZF enhancement :).