| Age | Commit message (Collapse) | Author | Files | Lines |
|
The PHP native `$php_errormsg` variable has been deprecated as of PHP
7.2. The recommended replacement is `error_get_last()`.
A number of the driver classes used `$php_errormsg` to track if a DB
action caused an error.
As the `error_get_last()` function returns an array and comparing the
message therefore is slightly more involved, two new methods have been
introduced into the abstract parent class `ADOConnection` to handle the
message comparison.
The `resetLastError()` method retrieves the initial (old) error message
and resets it to enable checking whether a new error has occurred, even
when the new error is the same as the previous one.
The new `getChangedErrorMsg()` method compares the old error message
with the current one to determine whether a new message has occurred,
and if so, returns the message.
Refs:
* http://php.net/manual/en/migration72.deprecated.php#migration72.deprecated.track_errors-and-php_errormsg
* http://php.net/manual/en/reserved.variables.phperrormsg.php
* http://php.net/manual/en/function.error-get-last.php
Additional notes:
* In the `ADODB_ads::UpdateBlob()` method, the original (old) message
was not being retrieved which could result in an unrelated error being
recorded. This has been fixed.
* In the `ADODB_db2::_connect()` and `ADODB_db2::_pconnect()` methods,
the `$php_errormsg` was being reset, but subsequently not checked for
changes, so as the variable in effect was not being used, I've removed
the related code.
* In the `ADODB_sybase::ErrorMsg()` method, the `$php_errormsg` was
being checked, but no functions which could potential cause errors are
being called. As `$php_errormsg` is only available in the scope an
error occurred in, this meant that `$php_errormsg` would always be
empty, so I've removed the related code.
Fixes #409
|
|
|
|
The `SelectLimit` function has a potential SQL injection vulnerability
through the use of the `nrows` and `offset` parameters which are not
forced to integers.
This is a follow-up on #311, and fixes all remaining drivers that do not
use ADOConnection::SelectLimit().
Fixes #401
Signed-off-by: Damien Regad <dregad@mantisbt.org>
Original commits squashed, message reworded. Fixed whitespace.
|
|
The same is done (at least for `$nrows`) in the `SelectLimit` method of `Adodb/adodb.inc.php`.
This lowers the risk of SQL injection.
Fixes #311
(cherry picked from commit 7d43989dc95fd00fcf3ba73e08fdaf56ffa4f3e5)
|
|
Reserved variable $php_errormsg is deprecated in PHP 7.2
http://php.net/manual/en/reserved.variables.phperrormsg.php
Fixes #405
|
|
create_function() is deprecated in PHP 7.2
http://php.net/manual/en/function.create-function.php
Fixes #404
|
|
Fixes #373
|
|
Backported from d9cc6c66ec08e5a517f8fa4503345ead992e2a62. I meant to do
this in 5.20.10 but I forgot...
Fixes #373
|
|
|
|
Fixes #371
Signed-off-by: Damien Regad <dregad@mantisbt.org>
Changes from original pull request:
- suppress errors in _connect() also
- commit message reworded
|
|
|
|
This way if the connection fails, the error can be captured and used as
intended. Without this, mysqli_real_connect() triggers a PHP warning.
Fixes #348
|
|
Fixes #316
|
|
Add SetAutoCommit() method for PDO drivers.
Avoids PDO Error: The auto-commit mode cannot be changed for this driver
Fixes #347
|
|
|
|
Regression introduced by 7c758c3cbb9ecc639f5744d991e8a6d5c35e5be4.
Fixes #305
|
|
|
|
The ADOdb_oci8::SelectLimit() method performs Oracle-specific query
optimization, manipulating the SQL to apply hints in a way that is not
compatible with the oci8po driver, due to conversion of query
parameters ('?' vs oci8 native ':xx').
To avoid the problem, we define the SelectLimit() method directly in
ADODB_oci8po, and rely on the slower ADOConnection::SelectLimit()
method from the base class.
Also, to avoid issues with prepared statements causing PHP to throw a
Warning: "oci_execute(): supplied resource is not a valid oci8
statement resource", we retrieve the prepared statement's SQL and pass
it on to ADOConnection::SelectLimit().
Fixes #282
|
|
The method incorrectly returned -1 for success instead of 0. In
addition, the method attempted to distinguish between warnings and
errors produced by the SQL Server parameter "WarningsReturnAsErrors"
when logging was enabled, but in ADOdb logging this parameter is always
set false so the code was removed.
Fixes #298
|
|
Use 'adodbseq' everywhere
|
|
Incorrect forwarding of parameter values from GenID() to GenID2008/2012
forced the sequence name to the default of 'adodbseq'.
Fixes #300
|
|
Fixes #302
|
|
|
|
This modified regex allows matching of empty strings and is much more
efficient than the original one.
A better fix for this will be available in v5.21
Fixes #185
|
|
Removes the extra assignment of $seq when calling CreateSequence2012()
(possibly leftover from a copy/paste ?) which was causing the code to
always use the default 'adodbseq' sequence.
Fixes #295
|
|
Removes the unnecessary upper bound on the server version check.
Fixes #294
|
|
The code in ServerVersion() method now only calls preg_match() once.
|
|
sequences
Backported from master (b28cafea05d0c88018dd0c980ba024de1e54192f).
|
|
The property is referenced in MetaColumns(), and calling this method
causes an 'Undefined property' PHP Notice to be thrown.
Fixes #289
|
|
Allow indexed or associative array for bindvars.
Fixes #288
Signed-off-by: Damien Regad <dregad@mantisbt.org>
|
|
|
|
|
|
The OCIFetchinto function is causing segfaults on php7 - probably
because the fields array is not initialised or it is optimised out. This
fixes just changes to use the safer function oci_fetch_array instead.
Fixes #259
Signed-off-by: Damien Regad <dregad@mantisbt.org>
|
|
The PDO driver was relying on ADOConnection::qstr() for quoting strings.
An application relying on qstr() to manually prepare SQL statements
rather than using parameterized queries may be vulnerable to SQL
injection attacks, as demonstrated by @jdavidlists.
This commit delegates string quoting to PDO::quote() when a connection
is available. If not, it simply replaces single quotes by the value of
$replaceQuote property.
Fixes #226
|
|
When a schema is specified in $showSchema, the function generates an
invalid where clause:
WHERE TABLE_SCHEMA= from myschema
^
should be 'myschema'
Fixes #275
|
|
The generated query is broken with the default method arguments.
Fixes #275
Signed-off-by: Damien Regad <dregad@mantisbt.org>
Original commit changed to use single quotes, added issue reference.
|
|
|
|
|
|
|
|
Calls to ADODB_pdo::SelectDB() and ADODB_pdo::SQLDate() should be passed
through to the underlying $_driver object.
If the $database property of the underlying $_driver object isn't
initialized correctly, the 1st call to MetaColumns using
"schemaName.tableName" as an argument may alter the connection's
currently selected database.
Fixes #242, related to #40.
Signed-off-by: Damien Regad <dregad@mantisbt.org>
|
|
If the database is Microsoft SQL Server, use the sqlsrv native data
types (sqlsrv:decl_type) instead of the PDO native type for improved
field type recognition.
This fix has been migrated to the pdo_sqlsrv driver in v5.21 (see #245,
#247, #245, #250)
|
|
If the recordset has already been closed, the destructor occasionally
fails because the queryId has sometimes been set to -1, not false.
See #170, #180
|
|
A warning is triggered when getInsertSql() is passed a string for the
tablename:
mysqli_free_result() expects parameter 1 to be mysqli_result, integer
given
Fixes #217
|
|
|
|
In PHP7, mysqli_real_connect() expects the port number to be an int; PHP
throws a warning if we give it a string, which is usually the case since
the port is parsed from a 'hostname:port'.
Fixes #218
|
|
|
|
Fixes #180 (this is the correct fix for issue #170).
|
|
|
|
Fix #170
|
|
Fixing this is somewhat academic considering that informix driver is no
longer supported since PHP 5.2.1
Fixes #170
|