[#ZF-1563] QuoteInto doesn't work with Sqlite - Zend Framework Issue Tracker

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.0.0 RC2
Fix Version/s: 1.5.2
Component/s: Zend_Db
Labels:
None

Fix Version Priority:
Should Have

Description

We discover a problem with quoteInto and SQLite.

The Zend Framework generate this kind of SQL (we use quoteInto for projects_id and users_id):

DELETE FROM "usvn_users_to_projects" WHERE (projects_id = '1' AND users_id = 1)

But in SQlite quote seems to be mandatory and we need write:

DELETE FROM "usvn_users_to_projects" WHERE (projects_id = '1' AND users_id = '1')

We made an ugly hack to fix the problem into Zend/Db/Adapter/Pdo/Sqlite.php

public function quote($value)
{
    if (is_int($value) || is_float($value)) {
       return parent::quote("$value");
    }
    return parent::quote($value);
}

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Bill Karwin added a comment - 14/Jun/07 3:06 PM

I'm not sure I understand. Are the SQL datatypes of projects_id and users_id integer or varchar?

Does SQLite have a problem comparing an integer literal to a varchar? Some RDBMS brands have the opposite problem, you can't compare a string literal to an integer column.

You also have a workaround:

$expr = $db->quoteInto('users_id = ?', (string) 1);

Show

Bill Karwin added a comment - 14/Jun/07 3:06 PM I'm not sure I understand. Are the SQL datatypes of projects_id and users_id integer or varchar? Does SQLite have a problem comparing an integer literal to a varchar? Some RDBMS brands have the opposite problem, you can't compare a string literal to an integer column. You also have a workaround:

$expr = $db->quoteInto('users_id = ?', (string) 1);

Hide

Permalink

Bill Karwin added a comment - 14/Jun/07 3:07 PM

This is not a critical bug, since there are already two workarounds.

I'd be glad to fix it regardless, but I'm reducing the severity.

Show

Bill Karwin added a comment - 14/Jun/07 3:07 PM This is not a critical bug, since there are already two workarounds. I'd be glad to fix it regardless, but I'm reducing the severity.

Hide

Permalink

Bill Karwin added a comment - 14/Jun/07 3:11 PM

Resolved in revision 5314.

Show

Bill Karwin added a comment - 14/Jun/07 3:11 PM Resolved in revision 5314.

Hide

Permalink

Bill Karwin added a comment - 28/Jun/07 9:00 PM

Reopening. SQLite does require that integers are compared to integers, and strings are compared to strings.

Show

Bill Karwin added a comment - 28/Jun/07 9:00 PM Reopening. SQLite does require that integers are compared to integers, and strings are compared to strings.

Hide

Permalink

Bill Karwin added a comment - 28/Jun/07 9:01 PM

Fixed in revision 5493.

Show

Bill Karwin added a comment - 28/Jun/07 9:01 PM Fixed in revision 5493.

Hide

Permalink

Julien Duponchelle added a comment - 27/Sep/07 4:58 AM

Problem is still present. That's why we use this patch:
=== www/Zend/Db/Adapter/Pdo/Sqlite.php
==================================================================
— www/Zend/Db/Adapter/Pdo/Sqlite.php (revision 1088)
+++ www/Zend/Db/Adapter/Pdo/Sqlite.php (local)
@@ -278,4 +278,22 @@
return $sql;
}

+ /**
+ * Safely quotes a value for an SQL statement.
+ *
+ * If an array is passed as the value, the array values are quoted
+ * and then returned as a comma-separated string.
+ *
+ * @param mixed $value The value to quote.
+ * @param mixed $type OPTIONAL the SQL datatype name, or constant, or null.
+ * @return mixed An SQL-safe quoted value (or string of separated values).
+ */
+ public function quote($value, $type = null)
+ {
+ if (is_int($value) || is_float($value)) { + return parent::quote("$value", $type); + }
+ return parent::quote($value, $type);
+ }
+
}

Show

Julien Duponchelle added a comment - 27/Sep/07 4:58 AM Problem is still present. That's why we use this patch: === www/Zend/Db/Adapter/Pdo/Sqlite.php ================================================================== — www/Zend/Db/Adapter/Pdo/Sqlite.php (revision 1088) +++ www/Zend/Db/Adapter/Pdo/Sqlite.php (local) @@ -278,4 +278,22 @@ return $sql; } + /** + * Safely quotes a value for an SQL statement. + * + * If an array is passed as the value, the array values are quoted + * and then returned as a comma-separated string. + * + * @param mixed $value The value to quote. + * @param mixed $type OPTIONAL the SQL datatype name, or constant, or null. + * @return mixed An SQL-safe quoted value (or string of separated values). + */ + public function quote($value, $type = null) + { + if (is_int($value) || is_float($value)) { + return parent::quote("$value", $type); + } + return parent::quote($value, $type); + } + }

Hide

Permalink

Bill Karwin added a comment - 17/Oct/07 3:31 PM

Unmark fixed version.

Show

Bill Karwin added a comment - 17/Oct/07 3:31 PM Unmark fixed version.

Hide

Permalink

Wil Sinclair added a comment - 21/Mar/08 5:05 PM

This issue should have been fixed for the 1.5 release.

Show

Wil Sinclair added a comment - 21/Mar/08 5:05 PM This issue should have been fixed for the 1.5 release.

Hide

Permalink

Wil Sinclair added a comment - 25/Mar/08 8:43 PM

Please categorize/fix as needed.

Show

Wil Sinclair added a comment - 25/Mar/08 8:43 PM Please categorize/fix as needed.

Hide

Permalink

Wil Sinclair added a comment - 18/Apr/08 1:12 PM

This doesn't appear to have been fixed in 1.5.0. Please update if this is not correct.

Show

Wil Sinclair added a comment - 18/Apr/08 1:12 PM This doesn't appear to have been fixed in 1.5.0. Please update if this is not correct.

Hide

Permalink

Simon Mundy added a comment - 19/Jun/08 12:37 AM

Hi Julian

I'm looking into this for the 1.6 release if it's able to be resolved. Can I clarify - what is the reason for explicitly casting as a string by default? The only concern I have defaulting to a string type is that it will break an existing expected behaviour. Or is SQLite expecting a string and this behaviour has always been incorrect.

The patch itself is straight-forward, as are the tests, but I want to be sure this is absolutely required before committing.

Show

Simon Mundy added a comment - 19/Jun/08 12:37 AM Hi Julian I'm looking into this for the 1.6 release if it's able to be resolved. Can I clarify - what is the reason for explicitly casting as a string by default? The only concern I have defaulting to a string type is that it will break an existing expected behaviour. Or is SQLite expecting a string and this behaviour has always been incorrect. The patch itself is straight-forward, as are the tests, but I want to be sure this is absolutely required before committing.

Hide

Permalink

Julien Duponchelle added a comment - 19/Jun/08 2:22 PM

I just test and now it's work without our patch. Thanks for your help.

Show

Julien Duponchelle added a comment - 19/Jun/08 2:22 PM I just test and now it's work without our patch. Thanks for your help.

People

Assignee:

Simon Mundy

Reporter:

Julien Duponchelle

Vote (0)

Watch (0)

Dates

Created:

14/Jun/07 5:37 AM

Updated:

19/Jun/08 2:22 PM

Resolved:

19/Jun/08 2:22 PM

Time Tracking

Estimated:

Remaining:

Logged:

Not Specified