ZF-7737: quoteInto won't accept valid SQL if question mark is in first position.

Issue Type: Bug Created: 2009-08-31T09:18:18.000+0000 Last Updated: 2009-11-20T09:42:23.000+0000 Status: Resolved Fix version(s): - 1.9.6 (24/Nov/09)

Reporter: Manuel Aude Morales (mamsaac) Assignee: Matthew Weier O'Phinney (matthew) Tags: - Zend_Db

Related issues: Attachments: - Abstract.patch


In Zend_Db_Adapter_Abstract

public function quoteInto($text, $value, $type = null, $count = null) { if ($count === null) { return str_replace('?', $this->quote($value, $type), $text); } else { while ($count > 0) { if (strpos($text, '?') != false) { $text = substr_replace($text, $this->quote($value), strpos($text, '?'), 1); } --$count; } return $text; } }

In the line "if (strpos($text, '?') != false) {", it should be !== and not !=, since position returned can be 0. Else, $table->select()->where('? = id', 123); //sample taken from forum in which I first wrote about this which is valid, won't work.

Nothing fancy, but I think it could affect some people =)


Posted by Steve Hollis (stevehollis) on 2009-11-19T12:33:35.000+0000

Patch for Zend_Db_Abstract and test case attached.

Posted by Matthew Weier O'Phinney (matthew) on 2009-11-20T09:42:23.000+0000

Patch applied to trunk and 1.9 release branch. In the future, please create your patches from the root of your ZF installation to ensure we patch the correct files. (There are many "Abstract.php" and "TestCommon.php" files!)

Have you found an issue?

See the Overview section for more details.


© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.