system.install try to insert a integer into VARCHAR without '', which will face error when working with DB2. this patch will change "0" into "'0'" for string escape.

CommentFileSizeAuthor
#4 drupal-6.x-dev-system.install-0.2.diff5.03 KBhswong3i
drupal-6.x-dev-system.install-0.1.diff1 KBhswong3i
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Gábor Hojtsy’s picture

Gábor Hojtsy
he/him
Primary language Hungarian
Location Hungary
CreditAttribution: Gábor Hojtsy commented
Status: Needs review » Fixed

Well, although it is possible to use any string as a delta, not only numbers, it might make sense to convert this field to an INT later (not in Drupal 6 obviously). AFAIK people don't use the possibility widely to utilize non-numeric delta values.

Anyway, thanks for the patch, committed!

moshe weitzman’s picture

moshe weitzman CreditAttribution: moshe weitzman commented

non numeric delta is becoming more popular. Views for one, uses this. I think a better course of action is to rename delta to $id and encourage use of non numerics. they are more readable, and less easy to accidentally reuse when adding a block where an old one used to live. in any case, this is a good patch. thanks for committing.

Gábor Hojtsy’s picture

Gábor Hojtsy
he/him
Primary language Hungarian
Location Hungary
CreditAttribution: Gábor Hojtsy commented

Ah, thanks for the info Moshe, we agree that 'delta' is misleading.

hswong3i’s picture

hswong3i CreditAttribution: hswong3i commented
Assigned: Unassigned » hswong3i
Status: Fixed » Needs review
FileSize
drupal-6.x-dev-system.install-0.2.diff5.03 KB

update system.install into regular format. P.S. we need to use db_query() correctly for cross database concern :)

hswong3i’s picture

hswong3i CreditAttribution: hswong3i commented
Priority: Normal » Critical

since both Oracle/DB2/MSSQL will preform A LOT OF reserved word rewrite handling to query BODY, this patch can greatly improve the ability of cross database compatibility. This is because all user input values are escaped, and will not capture by rewrite handling.

dmitrig01’s picture

dmitrig01 CreditAttribution: dmitrig01 commented
Status: Needs review » Reviewed & tested by the community

This is much needed. Dries and Gabor, the reason for this is because MSSQL, Oracle and DB2 run many regular expressions on the queries (and large ones). They can catch most situations, however the parsers aren't perfect. They match SQL keywords and %s/%d/%f/%%/%b. Not just any text.

dmitrig01’s picture

dmitrig01 CreditAttribution: dmitrig01 commented

Oops, that was for another patch that did pretty much the same thing :)

Gábor Hojtsy’s picture

Gábor Hojtsy
he/him
Primary language Hungarian
Location Hungary
CreditAttribution: Gábor Hojtsy commented
Status: Reviewed & tested by the community » Fixed

OK, committed.

Anonymous’s picture

(not verified) CreditAttribution: commented
Status: Fixed » Closed (fixed)