Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Mediawiki has a fine idea to add the name of the function issuing a query as a SQL comment when running the query. This makes SHOW PROCESSLIST much more usable. Thats the mysql command to see all running queries. Further, this makes it easier to analyze slow query logs and such.
db_query() or _db_query() could do this themselves and not involve any outside code with just a call to debug_backtrace().
Comment | File | Size | Author |
---|---|---|---|
#28 | mw_97.patch | 2.53 KB | moshe weitzman |
#26 | mw_96.patch | 2.41 KB | moshe weitzman |
#24 | mw_95.patch | 2.22 KB | moshe weitzman |
#22 | mysql-func-name-4.patch | 1.83 KB | kbahey |
#13 | mysql-func-name-3.patch | 2.23 KB | kbahey |
Comments
Comment #1
kbahey CreditAttribution: kbahey commentedThis will save me a lot of greps to find the offending queries when doing tuning.
Here is a patch that seems to work.
Don't see why this should not be in Drupal 6. It is non-intrusive at all.
Comment #2
webchickThat's not the only place there are queries.
See http://drupal.org/node/168812. In fact, if we could put this in that logic there, it might be nice, so we don't have to do backtraces in two+ places.
Comment #3
moshe weitzman CreditAttribution: moshe weitzman commented@kbahey - do you think we should do this always, or only if dev_query variable is TRUE? I could go either way. I lean towards within dev_query block.
@webchick. i don't fully understand your comment. we issue queries that don't run through db_query()? ... i don't think consolidating backtrace info will be helpful since we are already in a driver specific code. the driver knows to retreat 2 steps for mysql, for example. i don't feel that strongly though.
Comment #4
webchick@moshe:
Yes. Several.
From http://drupal.org/files/issues/db_backtrace_26.patch:
Comment #5
webchickYou're right that we can't consolidate it though.. the code there only executes on error condition. But you can probably swipe the logic to make sure it prints the right function.
Comment #6
kbahey CreditAttribution: kbahey commented@moshe
I see no harm in having it always there. If you have a large live site that is creaking under load, and no devel, you are out of luck.
The only thing I am not sure of is whether David Strauss' master/slave thing parses the query to determine if it is a read or write one. If it does, then the /* ... */ part has to be stripped out or ignored.
@webchick
You are right about this being scattered over all those functions. Should we go and add these two lines to each of these functions?
Comment #7
moshe weitzman CreditAttribution: moshe weitzman commentedI just noticed that Mediawiki adds the logged in user's name as well (if available).
@kbahey - you don't really need devel.module. You just need to set that variable via command line or via previewing a php node or other. Just some thoughts ...
Comment #8
kbahey CreditAttribution: kbahey commentedThis version addresses moshe's two comments:
- Makes this conditional on the dev_query variable being set.
- Adds the user name before the function name, this includes anonymous too (why not ...)
Need opinions from webchick and others on how best to handle the other functions. We can make these few lines a centralized function and call it from all the other 4 functions.
Comment #9
moshe weitzman CreditAttribution: moshe weitzman commentedIf you put the comment in _db_query instead, you will capture other queries like db_query_range()/pager_query()
Comment #10
kbahey CreditAttribution: kbahey commentedHere it is. Seems to work fine for me.
More testing needed.
Comment #11
moshe weitzman CreditAttribution: moshe weitzman commentedI verified that this patch doesn't break anything and that the comment has the right data in it. Others can also verify by turning on devel's query log. devel will naturally strip out the comment for presentation after this is committed.
Comment #12
Gábor HojtsyPlus:
- Good that we only run this when devel is on.
- SQL rewrites are thankfully already done by this stage, so we don't need to be afraid of these comments messing up the rewrites.
Minus:
- There are some code style problems with concatenation.
Comment #13
kbahey CreditAttribution: kbahey commentedCode style fixed.
Should be ready to go.
Comment #14
kbahey CreditAttribution: kbahey commentedComment #15
moshe weitzman CreditAttribution: moshe weitzman commentedi retested and all is well.
Comment #16
Gábor HojtsyDoh, although I just committed this patch, it occurred to me that this opens an attack vector with usernames. If I have "Gábor */ DROP TABLE system;" as my username, and the site has devel module turned on for whatever reason, I can drop the table. So let's close this attack option.
Comment #17
moshe weitzman CreditAttribution: moshe weitzman commentedGood thinking. Yet neither of those characters are allowed by in my testing - i.e. blocked by user_validate_name(). still need to sanitize the username?
Comment #18
Gábor HojtsyHm, I also looked into the user name validation code, and it seems these chars are not allowed, so we are safe there. So tasks:
- let's document this in the mysql and mysqli _db_query()
- why was the pgsql code left out of the fun?? pgsql does support /* */ types of comments
Comment #20
moshe weitzman CreditAttribution: moshe weitzman commentedIt failed because we already applied the patch. In the future, that won't be a problem since we won't do anything until bot says the patch his clean.
Comment #22
kbahey CreditAttribution: kbahey commentedThis patch documents the changes to the two files (mysql, and mysqli).
I don't use PostgreSQL, so someone who does can add that.
Comment #23
moshe weitzman CreditAttribution: moshe weitzman commentedI massaged the help text slightly.
More importantly, I removed a t() call which was breaking anonymous page views with devel turned on. t() isn't available yet. If Gabor ha a better suggestion that t() [like what the installer does], then please do make the needed change.
Comment #24
moshe weitzman CreditAttribution: moshe weitzman commentedoops - patch here.
Comment #25
Heine CreditAttribution: Heine commentedWe should not rely on the username validation code; I'm sure their are various ways to create users (contrib?, imports?) that may not run the validation.
Comment #26
moshe weitzman CreditAttribution: moshe weitzman commentedAgreed .. Here is a hardened version. See the str_replace()
Comment #27
Gábor Hojtsy- If you only need t() for the anonymous name, then this is not a real problem IMHO. Feel free to leave that out, but fix the comment to suggest that it was actually removed from around Anonymous. Now the comment hangs in the air.
- Also to be sure that values are properly sanitized, I would put the str replace around the ternary operator, not only on the username, but also on the anonymous name. There is nothing stopping admins from screwing up all their SQL queries with a fun anonymous user name otherwise.
Comment #28
moshe weitzman CreditAttribution: moshe weitzman commentedAddressed both of Gabor's points.
Comment #29
Gábor HojtsyThanks, committed.
Comment #30
(not verified) CreditAttribution: commented