Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

escapeLike issue on postgre #159

Closed
cdujeu opened this issue Jan 22, 2015 · 8 comments
Closed

escapeLike issue on postgre #159

cdujeu opened this issue Jan 22, 2015 · 8 comments

Comments

@cdujeu
Copy link

cdujeu commented Jan 22, 2015

Hi David,

First of all, thanks for your great work. As you maybe already know, Dibi is our historical ORM for the Pydio project, and we love it: doing the job efficiently, and very lightweight (we embed the minified version).
I'm not totally sure this is an issue, or maybe a postgre config or version problem, I must admit I'm not a PG expert. We are encountering an issue with LIKE queries containing an underscore, and I happened to fix this by changing the escapeLike function of the PG driver to replace '' by _ instead of \ .
Which gives for the escapeLike function

function escapeLike($value,$pos){
    $value=pg_escape_string($this->connection,$value);
    $value=strtr($value,array('%'=>'\\%','_'=>'\\_'));
    return($pos<=0?"'%":"'").$value.($pos>=0?"%'":"'");
}

Do you know if it's a bug or something wrong on my -db- side?
Using PG 9.3 BTW.

Cheers
Charles
@cdujeu cdujeu mentioned this issue Jan 22, 2015
Closed
@milo
Copy link
Collaborator

milo commented Jan 22, 2015

The PostgreSQL specifies two special chars in LIKE pattern: the _ and %. So, this two must be escaped in user input.

Problem may be the standard_conforming_strings directive.

Imho, the right solution is the:

return 'E' . ($pos <= 0 ? "'%" : "'") . $value . ($pos >= 0 ? "%'" : "'");

It should work with any PostgreSQL setting. Can you confirm that?

@JanTvrdik
Copy link
Contributor

Does this directly affect only LIKE?

milo added a commit to milo/dibi that referenced this issue Jan 22, 2015
@milo
DibiPostgreDriver: use 'E' prefix in escapeLike() [Closes dg#159]
5ee7c79
milo added a commit to milo/dibi that referenced this issue Jan 22, 2015
@milo
PostgreDriver: consider standard_conforming_strings in escapeLike() [C…
8bc1648 
…loses dg#159]

The 'standard_conforming_strings' can be changed by SQL query 'SET', so realtime checking must be performed.
milo added a commit to milo/dibi that referenced this issue Jan 22, 2015
@milo
PostgreDriver: consider 'standard_conforming_strings' settings in esc…
585d9b4 
…apeLike() [Closes dg#159]
@cdujeu
Copy link
Author

cdujeu commented Jan 23, 2015

hi guys
sorry I was not available yesterday.
from my initial debugging / testing, escaping with \ was finally executing a request with eg. _ instead of _
That's why I changed the line.
I'll try with your last commits and tell you.
And yes it was affecting only like, as _ is a specific wildcard used in LIKE queries.
-c

@milo
Copy link
Collaborator

milo commented Jan 23, 2015

@cdujeu I hope it is solved by #160

@cdujeu
Copy link
Author

cdujeu commented Jan 23, 2015

@milo currently using the minified version, could you generate such a file including your latest commits? Will be more straightforward to test... thx in advance

@milo
Copy link
Collaborator

milo commented Jan 23, 2015

@cdujeu Unfortunately not. @dg has the minifier. The /dibi only directory and the dibi/dibi.php loading should work...

@cdujeu
Copy link
Author

cdujeu commented Jan 23, 2015

@dg any quick help on this ;-) ?

@dg dg closed this as completed in 91e2d76 Jan 23, 2015
@cdujeu
Copy link
Author

cdujeu commented Jan 23, 2015

Confirmed. Thank you so much to all for your reactivity.

dg pushed a commit that referenced this issue Jan 25, 2015
@milo @dg
Postgre: fixed %like escaping [Closes #159]
8a5eddf
jasir added a commit to jasir/dibi that referenced this issue Mar 2, 2015
@jasir
Merge branch 'master' into jasir (v2.3)
27b9716 
* master: (37 commits)
  Released version 2.3.1
  removed version.txt
  dibi: named connections are allowed [Closes dg#161]
  Dibi: Dump now recognize MsSql2012 offset as keyword
  DibiPdoDriver: added support for MsSql2012 Offset
  Tracy\Panel: added vector icon
  added contributing.md
  Released version 2.3.0
  Postgre: added test for matching by %like
  Postgre: fixed %like escaping [Closes dg#159]
  Dibi: $defaultDriver changed to mysqli [Closes dg#156]
  Released 2.3.0-RC1
  removed bridge for Nette 2.0 (BC break)
  dibi: named connections and activate() are deprecated (BC break)
  DibiFluent: add `leftJoin` and `on` to phpdoc.
  DibiFirePhpLogger: save some header operations for sites with hundreds of sql queries.
  DibiFirePhpLogger: Allow user defined size of json stream chunks [Closes dg#148]
  DibiTranslator: respect %if blocks for %lmt and %ofs as well [Closes dg#145][Closes dg#87]
  DibiResult: float detection locale fix [Closes dg#154]
  DibiMySqliDriver.php: fixes for HHVM
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@JanTvrdik @milo @cdujeu