
Bug Report

Active Record, empty WHERE() call results in invalid SQL syntax

Date: 05/15/2008
Severity: Major
Status: Duplicate
Reporter: XtraFile
Version: 1.6.2
Keywords: Libraries, Database Class

Description

There is a bug in the active record database class that results in invalid syntax if someone submits an empty WHERE call, e.g.:
======================
$this->db->where('id', '');

_It should equal_

WHERE id = ''

_It really equals_

WHERE id =
=====================
I would consider this a serious bug. Because of this I have included a patch to resolve this bug.
———————————————————————
Index: DB_active_rec.php
===================================================================
—- DB_active_rec.php   (revision 1165)
+++ DB_active_rec.php   (working copy)
@@ -461,6 +461,10 @@
                $v = ’ ’.$this->escape($v);
              }
            }
+          else
+          {
+              $v = " ''";
+          }
        }
        else
        {
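Review bot: the added `else` after the closing brace of the escape block is unconditional, so it overwrites `$v` with the literal `" ''"` for every value that does not satisfy the preceding `if`, whose condition is not visible in this hunk. If the intent is only to cover the empty string, guard it explicitly, for example `else if ($v === '')`, so that other values reaching this branch are left alone. The hard-coded `" ''"` also sidesteps the `$this->escape($v)` call used two lines above; a short comment stating why the literal is safe here would help the next reader.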

Code Sample

$this->db->get_where('table', array('avitar !=' => ''));

Expected Result

SELECT * FROM (`condos`) WHERE avitar != ''

Actual Result

SELECT * FROM (`condos`) WHERE avitar !=

Comment on Bug Report

Posted by: XtraFile on 15 May 2008 5:47pm

The system has stripped whitespace out of the patch, so here is a download to the file.
———————————-
http://rapidshare.com/files/115193840/DB_active_rec.patch.txt

Posted by: XtraFile on 15 May 2008 6:48pm

There was an error in my code, fuxoring sessions.
This code change fixes it:

Add after line 463:

else if($v === '')
{
$v = " ''";
}

-Matt
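
The behaviour reported in this ticket next to the strict `=== ''` guard from the follow-up comment, as an added PHP example that is not part of the original report or of CodeIgniter's own code. `quote_value()` and `render_where()` are hypothetical stand-ins for the value handling in `where()`, and the inputs are constructed.

```php
<?php
// Added illustration, not CodeIgniter's DB_active_rec.php: quote_value() and
// render_where() are hypothetical stand-ins for the value handling in where().

function quote_value($v)
{
    // Stand-in for the driver's escape(): numbers pass through, strings are quoted.
    if (is_int($v) || is_float($v)) {
        return (string) $v;
    }
    return "'" . str_replace("'", "''", (string) $v) . "'";
}

function render_where($key, $v, $fixed)
{
    // Append '=' when the key has no comparison operator of its own.
    if (!preg_match('/[<>!=]|\sis\s/i', $key)) {
        $key .= ' =';
    }
    if ($v === null) {
        return $key;                    // no value supplied: key only
    }
    if ($v === '') {
        // Reported behaviour drops the value; the fix emits a quoted empty string.
        return $fixed ? $key . " ''" : $key;
    }
    return $key . ' ' . quote_value($v);
}

// Constructed inputs: the two calls from the report plus neighbouring cases.
$cases = array(
    array('id', ''),
    array('avitar !=', ''),
    array('id', 0),
    array('name', "O'Brien"),
    array('deleted_at IS NULL', null),
);

foreach ($cases as $case) {
    list($key, $v) = $case;
    printf("%-10s reported: WHERE %-22s fixed: WHERE %s\n",
        var_export($v, true), render_where($key, $v, false), render_where($key, $v, true));
}
```

Only the two empty-string rows differ between the columns; the strict comparison leaves `0` and `NULL` on their existing paths, which a loose `== ''` test would not on every PHP version.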
