Project

General

Profile

Actions
Copy link

Bug #102089

closed

Massive amoun of $qb->quoteIdentifier leads to non-replacing the "markers"

Added by Paul Beck about 1 year ago. Updated 6 months ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Database API (Doctrine DBAL)
Target version:
-
Start date:
2023-10-04
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
11
PHP Version:
8.0
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

I have an issue with a large amount of data within a single query. For selecting the values I want, I'm using $qb->quoteIdentifier(xy). However, when executing the query it returns an SQL error which shows up that the :dcValues where no longer replaced when executing the query. 

In my certain case its using within $qb->expr()->inSet('xy', $qb->quoteIdentifier(xy)) and the dc-Values are going up to dcValue25160.

With less records in the query its working, but this seems to be simply "to much"?

I did a workaround in this certain case that I was escaping the values myself.

Actions
Copy link
 #1

Updated by Christian Kuhn about 1 year ago

  • Status changed from New to Needs Feedback

Yeah. That's a limitation of DB engines, I think the magic number for mysql/maria is somewhere around 1000 placeholders.

The core stumbled upon this at various places already, and the solution was usually, to either split into multiple queries, or to not use placeholders in those cases.

In case you are walking into this with a query generated by core, this should probably be considered a core bug and should be fixed. Please point out the scenario where this is going wrong, if so.

In case that's a query generated by some of your extensions, or a third party extension, this should be changed in the affected extension (it's not a core issue, and this issue should be closed). As a kickstart, the core methods QueryBuilder->quoteArrayBasedValueListToIntegerList() and QueryBuilder->quoteArrayBasedValueListToStringList() can help in this area. Blaming the history of these methods and looking for usages should give some examples on how core solves the scenario. Be careful to get this right, though: If things are messed up, you're risking sql injection security issues.

Actions
Copy link
 #2

Updated by Georg Ringer 6 months ago

  • Status changed from Needs Feedback to Closed

closing issue as there is currently not a concrete issue. feel free to reopen a new ticket if it can be reproduced within the core

Actions
Copy link

Also available in: Atom PDF