[#ZF-3512] Improper handling of unsigned int values in quote() - Zend Framework Issue Tracker

Details

Type: Bug
Status: Reopened
Priority: N/A
Resolution: Unresolved
Affects Version/s: 1.5.1, 1.5.2
Fix Version/s: None
Component/s: Zend_Db_Adapter_Mysqli
Labels:
None

Description

The default quote() method of the parent class (Zend_Db_Adapter_Abstract) uses the following cast operations to ensure that the value is a valid 32-bit integer.

case Zend_Db::INT_TYPE: // 32-bit integer
return (string) intval($value);
break;

This works for signed integers, but for fields declared as UNSIGNED in MySQL, this turns valid values between 2147483648 and 4294967296 into '2147483647'.

More Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Download All

Attachments

ZF-3512.patch

09/Feb/10 7:10 PM

22 kB

Maghiel Dijksman
ZF-3512-TESTS.patch

14/Feb/10 7:07 PM

3 kB

Maghiel Dijksman

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Maghiel Dijksman added a comment - 06/Feb/10 6:58 PM

I think a possible solution would be to add Zend_Db::UNSIGNED_TYPE type,
add
case Zend_Db::UNSIGNED_TYPE: // Unsigned integer
$quotedValue = sprintf('%u', $value);
break;
to Zend_Db_Adapter_Abstract::quote()

and implement in all adapters.

Ralph if you want I can write a patch, i'm almost done with it, but time for bed now.

Show

Maghiel Dijksman added a comment - 06/Feb/10 6:58 PM I think a possible solution would be to add Zend_Db::UNSIGNED_TYPE type, add case Zend_Db::UNSIGNED_TYPE: // Unsigned integer $quotedValue = sprintf('%u', $value); break; to Zend_Db_Adapter_Abstract::quote() and implement in all adapters. Ralph if you want I can write a patch, i'm almost done with it, but time for bed now.

Hide

Permalink

Maghiel Dijksman added a comment - 09/Feb/10 7:10 PM

Here's a patch. Passes all current unit tests.

UNSIGNED_TYPE might not be the best name for the constant,
as this patch only implements integers as unsigned types. But would extending it
to other datatypes be necessary? Maybe for consequence and completeness sake...

Am I taking the right actions to take on bugs like this?
If not, someone please slap me

If this is the right way and this patch is ok, I'll write tests for it tomorrow!
Let me know

Show

Maghiel Dijksman added a comment - 09/Feb/10 7:10 PM Here's a patch. Passes all current unit tests. UNSIGNED_TYPE might not be the best name for the constant, as this patch only implements integers as unsigned types. But would extending it to other datatypes be necessary? Maybe for consequence and completeness sake... Am I taking the right actions to take on bugs like this? If not, someone please slap me

If this is the right way and this patch is ok, I'll write tests for it tomorrow! Let me know

Hide

Permalink

Maghiel Dijksman added a comment - 09/Feb/10 7:26 PM

I looked at the activity log and it didn't really look like anyone was working on this? So I took the liberty of assigning it to myself. Someone please review!

Show

Maghiel Dijksman added a comment - 09/Feb/10 7:26 PM I looked at the activity log and it didn't really look like anyone was working on this? So I took the liberty of assigning it to myself. Someone please review!

Hide

Permalink

Maghiel Dijksman added a comment - 14/Feb/10 7:07 PM

Tests

Show

Maghiel Dijksman added a comment - 14/Feb/10 7:07 PM Tests

Hide

Permalink

Maghiel Dijksman added a comment - 14/Feb/10 7:08 PM

Please review

Show

Maghiel Dijksman added a comment - 14/Feb/10 7:08 PM Please review

Hide

Permalink

Holger Schletz added a comment - 25/Feb/10 12:32 AM

Unsigned integers are not part of the SQL standard and not available on all DBMS. How will this patch affect compatibility with DBMS that don't support it, like PostgreSQL? Is it wise to implement it in their respective adapters?

Show

Holger Schletz added a comment - 25/Feb/10 12:32 AM Unsigned integers are not part of the SQL standard and not available on all DBMS. How will this patch affect compatibility with DBMS that don't support it, like PostgreSQL? Is it wise to implement it in their respective adapters?

Hide

Permalink

Mickael Perraud added a comment - 25/Feb/10 7:37 AM

Why this issue is 'Fixed' as there is no associated SVN commit?

Show

Mickael Perraud added a comment - 25/Feb/10 7:37 AM Why this issue is 'Fixed' as there is no associated SVN commit?

Hide

Permalink

Maghiel Dijksman added a comment - 25/Feb/10 12:09 PM

Sorry guys, I was confused with the workflow of my work when I put the status of this issue to Resolved.

Show

Maghiel Dijksman added a comment - 25/Feb/10 12:09 PM Sorry guys, I was confused with the workflow of my work when I put the status of this issue to Resolved.

Hide

Permalink

Maghiel Dijksman added a comment - 25/Feb/10 12:35 PM

Not committed into repo

Show

Maghiel Dijksman added a comment - 25/Feb/10 12:35 PM Not committed into repo

Hide

Permalink

Maghiel Dijksman added a comment - 25/Feb/10 12:41 PM

Assigned to automatic, please review and commit attached patches

Show

Maghiel Dijksman added a comment - 25/Feb/10 12:41 PM Assigned to automatic, please review and commit attached patches

Hide

Permalink

Marc Bennewitz (private) added a comment - 08/Jun/11 5:27 AM

The constant Zend_Db::UNSIGNED_TYPE is very confusing because UNSIGNED is an additional flag of 'all' numeric data types.
I think it would better to throw an exception if the value to quote has non numeric characters or how do you quote $db->quote('abc', Zend_Db::INT_TYPE);

Show

Marc Bennewitz (private) added a comment - 08/Jun/11 5:27 AM The constant Zend_Db::UNSIGNED_TYPE is very confusing because UNSIGNED is an additional flag of 'all' numeric data types. I think it would better to throw an exception if the value to quote has non numeric characters or how do you quote $db->quote('abc', Zend_Db::INT_TYPE);

People

Assignee:

Ralph Schindler

Reporter:

Andrew Ballard

Vote (0)

Watch (4)

Dates

Created:

25/Jun/08 1:48 PM

Updated:

08/Jun/11 5:27 AM

Time Tracking

Estimated:

Not Specified

Remaining:

Logged: