Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OraclePlatform newly escapes backslahes and this leads to a problem #3328

Closed
vavra opened this issue Oct 23, 2018 · 5 comments
Closed

OraclePlatform newly escapes backslahes and this leads to a problem #3328

vavra opened this issue Oct 23, 2018 · 5 comments
Assignees
@morozov
Labels
Bug Oracle Quoting

Comments

@vavra
Copy link

vavra commented Oct 23, 2018
edited by morozov
Loading

Bug Report

This statement should return exactly one row and returns nothing

$sql = "SELECT 1  FROM DUAL WHERE '_123' LIKE "
   . $this->xgCon->getDatabasePlatform()->quoteStringLiteral('\\_%') . " ESCAPE '\\'";

Executed at version
"name": "doctrine/dbal",
"version": "v2.8.0",

At version
"name": "doctrine/dbal",
"version": "v2.5.1",
there is missing function quoteStringLiteral in OraclePlatform

The error is that newer version has in OraclePlatform function quoteStringLiteral with row
$str = str_replace('\', '\\', $str); // Oracle requires backslashes to be escaped aswell.

Please remove the function quoteStringLiteral from OraclePlatform.
The only thing that must be esacaped is a quote char and this is done at AbstractPlatform.

Note. This query

SELECT '\' FROM Dual;

executed at Sql Developer is valid, no backslash chars must be escaped and exactly one backshlash is returned.
@Ocramius
Copy link
Member

Ocramius commented Oct 23, 2018 via email

@vavra
Copy link
Author

vavra commented Oct 23, 2018

Well, it is obvious that in the latest source the bad line still remains:
https://github.com/doctrine/dbal/blob/master/lib/Doctrine/DBAL/Platforms/OraclePlatform.php

@morozov
Copy link
Member

morozov commented Oct 23, 2018
edited
Loading

The proposed approach seems legit:

$platform = $conn->getDatabasePlatform();
$query = $platform->getDummySelectSQL("'\\'");
var_dump($query);
var_dump($conn->fetchColumn($query));

// string(20) "SELECT '\' FROM DUAL"
// string(1) "\"

The additional escaping is not needed by default, and 1222e94 doesn't contain any functional tests explaining when exactly it's needed.

@morozov morozov mentioned this issue Oct 24, 2018
Merged
@ostrolucky
Copy link
Member

Dupe of #2926
Fixed by #3330

@github-actions
Copy link

github-actions bot commented Aug 1, 2022

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 1, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@morozov morozov

Labels
Bug Oracle Quoting
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@morozov @Ocramius @ostrolucky @vavra