php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #64002 mysqlnd_ms doesn't obey SQL query hints padded with whitespaces
Submitted: 2013-01-16 08:44 UTC Modified: 2013-01-30 21:06 UTC
From: ilari at exove dot com Assigned: uw (profile)
Status: Closed Package: mysqlnd_ms (PECL)
PHP Version: 5.3.20 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
 [2013-01-16 08:44 UTC] ilari at exove dot com 
Description:
------------
We tried to use mysqlnd_ms query hints with Drupal 7 but it fails. This
Drupal patch fixes the problem:

--- includes/database/database.inc	2013-01-15 12:16:43.884567043 +0000
+++ includes/database/database.inc.new	2013-01-15 12:16:38.294587150 +0000
@@ -572,7 +572,7 @@
     $comment = implode('; ', $comments);
 
     // Sanitize the comment string so as to avoid SQL injection attacks.
-    return '/* ' . $this->filterComment($comment) . ' */ ';
+    return '/*' . $this->filterComment($comment) . '*/';
   }
 
   /**


But the real problem is not Drupal itself. It's mysqlnd_ms that refuses
to obey query hints when they're padded with whitespaces. mysqlnd_ms
version we have in use is 1.4.2. PHP is 5.3.20.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-01-30 21:06 UTC] uw@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: uw
 [2013-01-30 21:06 UTC] uw@php.net 
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

Fixed in trunk: http://news.php.net/php.pecl.cvs/19367

Not sure yet when to do the next release.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun Dec 22 05:01:30 2024 UTC