ZF-3512: Improper handling of unsigned int values in quote()

Issue Type: Bug Created: 2008-06-25T13:48:00.000+0000 Last Updated: 2011-06-08T05:27:04.000+0000 Status: Reopened Fix version(s): Reporter: Andrew Ballard (aballard) Assignee: Ralph Schindler (ralph) Tags: - Zend_Db_Adapter_Mysqli

Related issues: Attachments: - ZF-3512-TESTS.patch


The default quote() method of the parent class (Zend_Db_Adapter_Abstract) uses the following cast operations to ensure that the value is a valid 32-bit integer.

            case Zend_Db::INT_TYPE: // 32-bit integer
                return (string) intval($value);

This works for signed integers, but for fields declared as UNSIGNED in MySQL, this turns valid values between 2147483648 and 4294967296 into '2147483647'.


Posted by Maghiel Dijksman (maghiel) on 2010-02-06T18:58:48.000+0000

I think a possible solution would be to add Zend_Db::UNSIGNED_TYPE type, add case Zend_Db::UNSIGNED_TYPE: // Unsigned integer $quotedValue = sprintf('%u', $value); break; to Zend_Db_Adapter_Abstract::quote()

and implement in all adapters.

Ralph if you want I can write a patch, i'm almost done with it, but time for bed now.

Posted by Maghiel Dijksman (maghiel) on 2010-02-09T19:10:19.000+0000

Here's a patch. Passes all current unit tests.

UNSIGNED_TYPE might not be the best name for the constant, as this patch only implements integers as unsigned types. But would extending it to other datatypes be necessary? Maybe for consequence and completeness sake...

Am I taking the right actions to take on bugs like this? If not, someone please slap me ;)

If this is the right way and this patch is ok, I'll write tests for it tomorrow! Let me know :)

Posted by Maghiel Dijksman (maghiel) on 2010-02-09T19:26:34.000+0000

I looked at the activity log and it didn't really look like anyone was working on this? So I took the liberty of assigning it to myself. Someone please review!

Posted by Maghiel Dijksman (maghiel) on 2010-02-14T19:07:26.000+0000


Posted by Maghiel Dijksman (maghiel) on 2010-02-14T19:08:47.000+0000

Please review

Posted by Holger Schletz (hschletz) on 2010-02-25T00:32:16.000+0000

Unsigned integers are not part of the SQL standard and not available on all DBMS. How will this patch affect compatibility with DBMS that don't support it, like PostgreSQL? Is it wise to implement it in their respective adapters?

Posted by Mickael Perraud (mikaelkael) on 2010-02-25T07:37:02.000+0000

Why this issue is 'Fixed' as there is no associated SVN commit?

Posted by Maghiel Dijksman (maghiel) on 2010-02-25T12:09:45.000+0000

Sorry guys, I was confused with the workflow of my work when I put the status of this issue to Resolved.

Posted by Maghiel Dijksman (maghiel) on 2010-02-25T12:35:40.000+0000

Not committed into repo

Posted by Maghiel Dijksman (maghiel) on 2010-02-25T12:41:01.000+0000

Assigned to automatic, please review and commit attached patches

Posted by Marc Bennewitz (private) (mabe) on 2011-06-08T05:27:04.000+0000

The constant Zend_Db::UNSIGNED_TYPE is very confusing because UNSIGNED is an additional flag of 'all' numeric data types. I think it would better to throw an exception if the value to quote has non numeric characters or how do you quote $db->quote('abc', Zend_Db::INT_TYPE);

Have you found an issue?

See the Overview section for more details.


© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.