Bug 163490 - PEAR::DB autoExecute function does not work when updating with WHERE clause
Summary: PEAR::DB autoExecute function does not work when updating with WHERE clause
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: php (Show other bugs)
(Show other bugs)
Version: 3.0
Hardware: All Linux
Target Milestone: ---
Assignee: Joe Orton
QA Contact: David Lawrence
Depends On:
Blocks: 170417
TreeView+ depends on / blocked
Reported: 2005-07-18 10:18 UTC by Christian Rose
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

Fixed In Version: RHSA-2006-0276
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-04-25 14:27:22 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch that fixes the problem in PEAR::DB (466 bytes, patch)
2005-07-18 10:18 UTC, Christian Rose
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2006:0276 normal SHIPPED_LIVE Moderate: php security update 2006-04-25 04:00:00 UTC

Description Christian Rose 2005-07-18 10:18:11 UTC
Description of problem:

The current php package in RHEL 3 includes version 1.3 of the PEAR DB package.
That version has a problem that will be triggered in some cases, for example
when using the PEAR::DB autoExecute() function for updating a row in a table by
using a WHERE clause.

Consider the following example MySQL table:

  CREATE TABLE `products` (
    `id` int(11) NOT NULL auto_increment,
    `name` varchar(32) NOT NULL default '',
    `price` double NOT NULL default '0',
    PRIMARY KEY  (`id`)

  INSERT INTO `products` VALUES (1, 'banana', 1);
  INSERT INTO `products` VALUES (2, 'apple', 0.5);
  INSERT INTO `products` VALUES (3, 'pear', 0.7);

Consider the following example PHP code (a valid $db object is assumed):

  $result = $db->autoExecute('products',
                             array('id' => 2, 'name' => 'sweetapple',
                                   'price' => '1.42'),
                             'id = 2');
  if (PEAR::isError($result)) {
      echo $result->getMessage() . "<br/>\n";
      echo $result->getUserInfo() . "<br/>\n";
      echo $result->getCode() . "<br/>\n";

The above code will generate the following error output:

  DB Error: insufficient data supplied
  UPDATE products SET id = ?,name = ?,price = ? WHERE UPDATE products SET id =
?,name = ?,price = ?

This is because there is a simple and well-known[1] bug in the buildManipSQL()
function in DB/common.php, which the attached patch fixes. With the attached
patch applied, the SQL update code above executes without error.

[1] http://marc.theaimsgroup.com/?l=pear-general&m=104326823101806&w=2

Version-Release number of selected component (if applicable):

How reproducible:

Every time.

Comment 1 Christian Rose 2005-07-18 10:18:11 UTC
Created attachment 116861 [details]
Patch that fixes the problem in PEAR::DB

Comment 2 Joe Orton 2005-08-15 11:13:23 UTC
Thanks for the report and for finding the patch.

Comment 3 Christian Rose 2005-08-20 15:29:28 UTC
This problem appears to still be present in php-4.3.2-25.ent.

Comment 4 Christian Rose 2005-11-10 21:33:42 UTC
This problem appears to still be present in php-4.3.2-26.ent.

Comment 7 Red Hat Bugzilla 2006-04-25 14:27:22 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Comment 8 Issue Tracker 2007-07-06 17:33:59 UTC
CRM closed, closing this

Internal Status set to 'Resolved'
Status set to: Closed by Tech
Resolution set to: 'Auto Closed'

This event sent from IssueTracker by pdemauro 
 issue 83190

Note You need to log in before you can comment on or make changes to this bug.