diff options
| author | Mark Newnham <mark@newnhams.com> | 2015-06-28 14:18:29 +0200 |
|---|---|---|
| committer | Damien Regad <dregad@mantisbt.org> | 2015-06-28 14:24:28 +0200 |
| commit | eb9d83915fcfdcd4a4fb3f65a586e6c60be598f7 (patch) | |
| tree | 349ad03fed3b80530981c8bce2ab743accebf337 /drivers/adodb-oci8po.inc.php | |
| parent | 21258606cdd93fb3d9481bb83f01c4deb02cff19 (diff) | |
| download | adodb-eb9d83915fcfdcd4a4fb3f65a586e6c60be598f7.tar.gz adodb-eb9d83915fcfdcd4a4fb3f65a586e6c60be598f7.tar.bz2 adodb-eb9d83915fcfdcd4a4fb3f65a586e6c60be598f7.zip | |
oci8po: prevent replacement of '?' within strings
When processing an SQL statement containing a '?' character within a
string, ADOdb wrongly assumed it is for a bind variable. The number of
variables then no longer matches the number passed, and crashes the
_query() function.
We now identify whether a '?' is within a string and don't use it as a
bind variable if so.
Fixes #132
Signed-off-by: Damien Regad <dregad@mantisbt.org>
Diffstat (limited to 'drivers/adodb-oci8po.inc.php')
| -rw-r--r-- | drivers/adodb-oci8po.inc.php | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/drivers/adodb-oci8po.inc.php b/drivers/adodb-oci8po.inc.php index 95a7d322..1f82e456 100644 --- a/drivers/adodb-oci8po.inc.php +++ b/drivers/adodb-oci8po.inc.php @@ -64,11 +64,22 @@ class ADODB_oci8po extends ADODB_oci8 { $arr['bind'.$i++] = $v; } } else { + // Need to identify if the ? is inside a quoted string, and if + // so not use it as a bind variable + preg_match_all('/".*\??"|\'.*\?.*?\'/', $sql, $matches); + foreach($matches[0] as $qmMatch){ + $qmReplace = str_replace('?', '-QUESTIONMARK-', $qmMatch); + $sql = str_replace($qmMatch, $qmReplace, $sql); + } + $sqlarr = explode('?',$sql); $sql = $sqlarr[0]; + foreach($inputarr as $k => $v) { $sql .= ":$k" . $sqlarr[++$i]; } + + $sql = str_replace('-QUESTIONMARK-', '?', $sql); } } return ADODB_oci8::_query($sql,$inputarr); |
