Sqlite error - 'db_insert' function as 'Replace'. (SMF2)

Started by Nathaniel, October 07, 2009, 06:51:15 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Nathaniel

October 07, 2009, 06:51:15 PM
Same issue as below, but for Sqlite not Postgresql:
http://www.simplemachines.org/community/index.php?topic=340003.0

File: Subs-Db-sqlite.php
Function: smf_db_insert
Line: 505

Find:
Code Select
$count = 0;
foreach ($columns as $columnName => $type)
{
// Are we restricting the length?
if (strpos($type, 'string-') !== false)
$actualType = sprintf($columnName . ' = SUBSTR({string:%1$s}, 1, ' . substr($type, 7) . '), ', $count);
else
$actualType = sprintf($columnName . ' = {%1$s:%2$s}, ', $type, $count);

// If it's a key we don't actally update it.
if (in_array($columnName, $keys))
$where .= (empty($where) ? '' : ' AND ') . substr($actualType, 0, -2);
else
$updateData .= $actualType;

$count++;
}

Replace:
Code Select
foreach ($columns as $columnName => $type)
{
// Are we restricting the length?
if (strpos($type, 'string-') !== false)
$actualType = sprintf($columnName . ' = SUBSTR({string:%1$s}, 1, ' . substr($type, 7) . '), ', $columnName);
else
$actualType = sprintf($columnName . ' = {%1$s:%2$s}, ', $type, $columnName);

// If it's a key we don't actally update it.
if (in_array($columnName, $keys))
$where .= (empty($where) ? '' : ' AND ') . substr($actualType, 0, -2);
else
$updateData .= $actualType;
}
SMF Friend (Former Support Specialist) | SimplePortal Developer
My SMF Mods | SimplePortal

"Quis custodiet ipsos custodes?" - Who will Guard the Guards?

Please don't send me ANY support related PMs. I will just delete them.

Nathaniel

#1
October 08, 2009, 06:49:38 AM Last Edit: November 16, 2009, 08:51:32 PM by Nathaniel
Unfortunately its not quite that painless, that fix introduced another issue, which breaks quite a lot of calls to the 'smf_db_insert' function. (like the entire updateSettings function :S)

The change I posted above, forces that function to only accept data using the specfic column names (whereas it previously forced you not to pass any). For consistancy with the relevant Mysql function, it should allow both. The fix below should fix that (as well as the fix above). ;)

Find:
Code Select
// Try and update the entries.
if (!empty($updateData))
foreach ($data as $k => $entry)
{
$smcFunc['db_query']('', '
UPDATE ' . $table . '
SET ' . $updateData . '
' . (empty($where) ? '' : ' WHERE ' . $where),
$entry, $connection
);

// Make a note that the replace actually overwrote.
if ($smcFunc['db_affected_rows']() != 0)
unset($data[$k]);
}

Replace:
Code Select
// Create an array consisting of only the columns.
$indexed_columns = array_keys($columns);

// Try and update the entries.
if (!empty($updateData))
foreach ($data as $k => $entry)
{
$smcFunc['db_query']('', '
UPDATE ' . $table . '
SET ' . $updateData . '
' . (empty($where) ? '' : ' WHERE ' . $where),
array_combine($indexed_columns, $entry), $connection
);

// Make a note that the replace actually overwrote.
if ($smcFunc['db_affected_rows']() != 0)
unset($data[$k]);
}

Edit: Removed debugging code (var_dump function call).
SMF Friend (Former Support Specialist) | SimplePortal Developer
My SMF Mods | SimplePortal

"Quis custodiet ipsos custodes?" - Who will Guard the Guards?

Please don't send me ANY support related PMs. I will just delete them.

Norv

#3
December 05, 2009, 06:20:54 PM
Nath, can you please tell, a scenario in which you get the initial errors?
To-do lists are for deferral. The more things you write down the later they're done... until you have 100s of lists of things you don't do.

File a security report | Developers' Blog | Bug Tracker

Also known as Norv on D* | Norv N. on G+ | Norv on Github

emanuele

#4
May 29, 2011, 04:19:35 AM
resolved in tracker moving to fixed


Take a peek at what I'm doing! ;D



Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.
Print
Go Up Pages1
User actions
Advertisement: