ZF-2692: Zend_Db_Profiler::queryStart() uses unsafe method to examine query type.

Issue Type: Improvement Created: 2008-02-20T07:20:49.000+0000 Last Updated: 2012-03-28T02:17:10.000+0000 Status: Resolved Fix version(s): - 1.8.1 (12/May/09)

Reporter: Björn Rylander (hasslarp) Assignee: Satoru Yoshida (satoruyoshida) Tags: - Zend_Db_Profiler

Related issues: Attachments:


Zend_Db_Profiler::queryStart() takes the first 6 characters in the query string to determine which kind of query it is. This is unsafe because a query might for example start with a parenthesis. Possible solution: check position of the words INSERT, DELETE, SELECT, and UPDATE. Whichever comes first decides what kind of query it is.


Posted by Wil Sinclair (wil) on 2008-03-25T20:43:56.000+0000

Please categorize/fix as needed.

Posted by Wil Sinclair (wil) on 2008-12-04T12:53:17.000+0000

Reassigning as Ralph is the maintainer of Zend_Db

Posted by old of Satoru Yoshida ( on 2009-05-08T01:43:21.000+0000

add ltrim() to queryText at SVN r15396 .

Have you found an issue?

See the Overview section for more details.


© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.