Bug #80872

QueryGenerator::getSelectQuery can use Doctrine bind values but throws them away and also the return type is wrong

Added by Christer V over 2 years ago. Updated 12 months ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Database API (Doctrine DBAL)
Target version:
Start date:
2017-04-18
Due date:
% Done:

100%

TYPO3 Version:
8
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

If an none admin call QueryGenerator::getSelectQuery, bind values will be assign to the $queryBuilder and then thrown away, since the method just returns the string $queryBuilder->getSQL(). This will cause an sql error:

Error: An exception occurred while executing 'SELECT `header`, `uid`, `pid`, `pid`, `deleted` FROM `tt_content` WHERE (`pid` IN (:dcValue1)) AND (tt_content.CType = 'test') AND (`tt_content`.`deleted` = 0) LIMIT 100': You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':dcValue1)) AND (tt_content.CType = 'test') AND (`tt_content`.`deleted` = 0) L' at line 1

Also the return type is notes as bool|\mysqli_result|object but is actually a string.

Associated revisions

Revision 52e57524 (diff)
Added by Christer V over 2 years ago

[BUGFIX] Embed parameters in SQL fragment create by getSelectQuery

Use quoted/escaped values embedded in the SQL fragment instead of named
parameters in QueryGenerator::getSelectQuery. The values of named
parameters get lost when the SQL fragment is returned and subsequently
used in a query.

Resolves: #80872
Releases: master, 8.7
Change-Id: If22bf24b75d2aa0efe36e587e38e7c590f3ec34a
Reviewed-on: https://review.typo3.org/52472
Tested-by: TYPO3com <>
Reviewed-by: Christer V <>
Reviewed-by: Anders Kostending <>
Reviewed-by: Kasper Ligaard <>
Tested-by: Kasper Ligaard <>
Reviewed-by: Morton Jonuschat <>
Tested-by: Morton Jonuschat <>

Revision 6fe99bc8 (diff)
Added by Christer V over 2 years ago

[BUGFIX] Embed parameters in SQL fragment create by getSelectQuery

Use quoted/escaped values embedded in the SQL fragment instead of named
parameters in QueryGenerator::getSelectQuery. The values of named
parameters get lost when the SQL fragment is returned and subsequently
used in a query.

Resolves: #80872
Releases: master, 8.7
Change-Id: If22bf24b75d2aa0efe36e587e38e7c590f3ec34a
Reviewed-on: https://review.typo3.org/52893
Tested-by: TYPO3com <>
Reviewed-by: Morton Jonuschat <>
Tested-by: Morton Jonuschat <>

History

#1 Updated by Christer V over 2 years ago

  • Category set to Database API (Doctrine DBAL)

#2 Updated by Gerrit Code Review over 2 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/52472

#3 Updated by Gerrit Code Review over 2 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/52472

#4 Updated by Gerrit Code Review over 2 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/52472

#5 Updated by Gerrit Code Review over 2 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/52472

#6 Updated by Gerrit Code Review over 2 years ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/52472

#7 Updated by Gerrit Code Review over 2 years ago

Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/52472

#8 Updated by Gerrit Code Review over 2 years ago

Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/52893

#9 Updated by Christer V over 2 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#10 Updated by Benni Mack 12 months ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF