ZF-2692: Zend_Db_Profiler::queryStart() uses unsafe method to examine query type.
Description
Zend_Db_Profiler::queryStart() takes the first 6 characters of the query string to determine which kind of query it is. This is unsafe because a query might, for example, start with a parenthesis. Possible solution: check the position of the words INSERT, DELETE, SELECT, and UPDATE. Whichever comes first decides what kind of query it is.
Comments
Posted by Wil Sinclair (wil) on 2008-03-25T20:43:56.000+0000
Please categorize/fix as needed.
Posted by Wil Sinclair (wil) on 2008-12-04T12:53:17.000+0000
Reassigning as Ralph is the maintainer of Zend_Db
Posted by old of Satoru Yoshida (yoshida@zend.co.jp) on 2009-05-08T01:43:21.000+0000
Added ltrim() to queryText at SVN r15396.
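The three classification strategies mentioned in this ticket (first 6 characters, ltrim() followed by the first 6 characters, and the earliest keyword position proposed in the description), side by side as an added example that is not Zend_Db_Profiler code. The function names, the `OTHER` fallback label and the sample queries are constructed for illustration.

```php
<?php
// Added illustration: function names, the 'OTHER' label and the sample
// queries are constructed here; this is not Zend_Db_Profiler code.
const KEYWORDS = ['INSERT', 'DELETE', 'SELECT', 'UPDATE'];

// Behaviour described in the report: look only at the first 6 characters.
function typeByPrefix(string $sql): string
{
    $prefix = strtoupper(substr($sql, 0, 6));
    return in_array($prefix, KEYWORDS, true) ? $prefix : 'OTHER';
}

// The change noted in the last comment: ltrim() before taking the prefix.
function typeByTrimmedPrefix(string $sql): string
{
    return typeByPrefix(ltrim($sql));
}

// The proposal in the description: whichever keyword occurs first decides.
function typeByFirstKeyword(string $sql): string
{
    $best = 'OTHER';
    $bestPos = PHP_INT_MAX;
    foreach (KEYWORDS as $kw) {
        // Word boundaries so a column such as "updated_at" does not match.
        if (preg_match('/\b' . $kw . '\b/i', $sql, $m, PREG_OFFSET_CAPTURE)
            && $m[0][1] < $bestPos) {
            $bestPos = $m[0][1];
            $best = $kw;
        }
    }
    return $best;
}

$samples = [
    'SELECT * FROM users',
    "  \n SELECT * FROM users",
    '(SELECT id FROM a) UNION (SELECT id FROM b)',
    'INSERT INTO log SELECT * FROM staging',
    'WITH t AS (SELECT 1) DELETE FROM queue',
];
foreach ($samples as $sql) {
    printf("%-8s %-8s %-8s %s\n", typeByPrefix($sql),
        typeByTrimmedPrefix($sql), typeByFirstKeyword($sql), json_encode($sql));
}
```

Trimming fixes the leading-whitespace sample but still leaves the parenthesised query as `OTHER`. The first-keyword approach labels the last sample `SELECT` although the statement deletes rows, so a keyword inside a CTE, comment or string literal can still win.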