ZF-3512: Improper handling of unsigned int values in quote()


The default quote() method of the parent class (Zend_Db_Adapter_Abstract) uses the following cast operations to ensure that the value is a valid 32-bit integer.

            case Zend_Db::INT_TYPE: // 32-bit integer
                return (string) intval($value);

This works for signed integers, but for fields declared as UNSIGNED in MySQL, this turns valid values between 2147483648 and 4294967296 into '2147483647'.


I think a possible solution would be to add Zend_Db::UNSIGNED_TYPE type, add case Zend_Db::UNSIGNED_TYPE: // Unsigned integer $quotedValue = sprintf('%u', $value); break; to Zend_Db_Adapter_Abstract::quote()

and implement in all adapters.

Ralph if you want I can write a patch, i'm almost done with it, but time for bed now.

Here's a patch. Passes all current unit tests.

UNSIGNED_TYPE might not be the best name for the constant, as this patch only implements integers as unsigned types. But would extending it to other datatypes be necessary? Maybe for consequence and completeness sake...

Am I taking the right actions to take on bugs like this? If not, someone please slap me ;)

If this is the right way and this patch is ok, I'll write tests for it tomorrow! Let me know :)

I looked at the activity log and it didn't really look like anyone was working on this? So I took the liberty of assigning it to myself. Someone please review!


Please review

Unsigned integers are not part of the SQL standard and not available on all DBMS. How will this patch affect compatibility with DBMS that don't support it, like PostgreSQL? Is it wise to implement it in their respective adapters?

Why this issue is 'Fixed' as there is no associated SVN commit?

Sorry guys, I was confused with the workflow of my work when I put the status of this issue to Resolved.

Not committed into repo

Assigned to automatic, please review and commit attached patches

The constant Zend_Db::UNSIGNED_TYPE is very confusing because UNSIGNED is an additional flag of 'all' numeric data types. I think it would better to throw an exception if the value to quote has non numeric characters or how do you quote $db->quote('abc', Zend_Db::INT_TYPE);