Bug 163490 - PEAR::DB autoExecute function does not work when updating with WHERE clause
Summary: PEAR::DB autoExecute function does not work when updating with WHERE clause
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: php
Version: 3.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Joe Orton
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks: 170417
TreeView+ depends on / blocked
 
Reported: 2005-07-18 10:18 UTC by Christian Rose
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

Fixed In Version: RHSA-2006-0276
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-04-25 14:27:22 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
Patch that fixes the problem in PEAR::DB (466 bytes, patch)
2005-07-18 10:18 UTC, Christian Rose 		no flags Details | Diff
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2006:0276 0 normal SHIPPED_LIVE Moderate: php security update 2006-04-25 04:00:00 UTC

Description Christian Rose 2005-07-18 10:18:11 UTC 
Description of problem:

The current php package in RHEL 3 includes version 1.3 of the PEAR DB package.
That version has a problem that will be triggered in some cases, for example
when using the PEAR::DB autoExecute() function for updating a row in a table by
using a WHERE clause.

Consider the following example MySQL table:

  CREATE TABLE `products` (
    `id` int(11) NOT NULL auto_increment,
    `name` varchar(32) NOT NULL default '',
    `price` double NOT NULL default '0',
    PRIMARY KEY  (`id`)
  ) TYPE=MyISAM AUTO_INCREMENT=4 ;

  INSERT INTO `products` VALUES (1, 'banana', 1);
  INSERT INTO `products` VALUES (2, 'apple', 0.5);
  INSERT INTO `products` VALUES (3, 'pear', 0.7);


Consider the following example PHP code (a valid $db object is assumed):

  $result = $db->autoExecute('products',
                             array('id' => 2, 'name' => 'sweetapple',
                                   'price' => '1.42'),
                             DB_AUTOQUERY_UPDATE,
                             'id = 2');
  if (PEAR::isError($result)) {
      echo $result->getMessage() . "<br/>\n";
      echo $result->getUserInfo() . "<br/>\n";
      echo $result->getCode() . "<br/>\n";
  }


The above code will generate the following error output:

  DB Error: insufficient data supplied
  UPDATE products SET id = ?,name = ?,price = ? WHERE UPDATE products SET id =
?,name = ?,price = ?
  -20


This is because there is a simple and well-known[1] bug in the buildManipSQL()
function in DB/common.php, which the attached patch fixes. With the attached
patch applied, the SQL update code above executes without error.

[1] http://marc.theaimsgroup.com/?l=pear-general&m=104326823101806&w=2


Version-Release number of selected component (if applicable):
php-4.3.2-24.ent


How reproducible:

Every time.
Comment 1 Christian Rose 2005-07-18 10:18:11 UTC 
Created attachment 116861 [details]
Patch that fixes the problem in PEAR::DB
Comment 2 Joe Orton 2005-08-15 11:13:23 UTC 
Thanks for the report and for finding the patch.
Comment 3 Christian Rose 2005-08-20 15:29:28 UTC 
This problem appears to still be present in php-4.3.2-25.ent.
Comment 4 Christian Rose 2005-11-10 21:33:42 UTC 
This problem appears to still be present in php-4.3.2-26.ent.
Comment 7 Red Hat Bugzilla 2006-04-25 14:27:22 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0276.html
Comment 8 Issue Tracker 2007-07-06 17:33:59 UTC 
CRM closed, closing this

Internal Status set to 'Resolved'
Status set to: Closed by Tech
Resolution set to: 'Auto Closed'

This event sent from IssueTracker by pdemauro 
 issue 83190
Note You need to log in before you can comment on or make changes to this bug.