Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The structure of the query in the hook_uninstall function could delete unintended variables from the variable table.
function fb_uninstall() {
// Variables prefixed with double underbar to avoid conflicts with other modules named fb_something.
db_query("DELETE FROM {variable} WHERE name LIKE 'fb__%'");
}
The underscore is a wildcard character in this scenario, so the query will delete the following variables:
- fb_var_to_delete
- fbconnect_key
- fbtoken
The underscore character should be escaped, or the db_like() function should be used.
Documentation on db_like details the underscore as a wildcard issue https://api.drupal.org/api/drupal/includes%21database%21database.inc/fun...
Comment | File | Size | Author |
---|---|---|---|
#3 | 2831476-escape-wildcard-character-in-delete-query.patch | 492 bytes | bfodeke |
Comments
Comment #2
bfodeke CreditAttribution: bfodeke at Mediacurrent commentedComment #3
bfodeke CreditAttribution: bfodeke at Mediacurrent commentedComment #4
shrop CreditAttribution: shrop at Mediacurrent commentedDescription
I did some testing and I think the db_like() statement is not working. It appears to still delete any vars with a single underscore, which isn't right (ex: fb_test would be deleted). I wonder if just using db_query() with \_ to escape the underscores in the WHERE clause would work.
Testing Instructions
Next Steps
Consider using db_query() with escaped underscores in the WHERE clause
Comment #5
bfodeke CreditAttribution: bfodeke at Mediacurrent commentedHey @shrop, I wasn't too clear on what my patch is fixing. It's not going to prevent removal of any variables with the fb_ prefix. It *will* however prevent variables that begin with fb from being deleted.
So my patch will ensure:
Testing Instructions
fb_
vars in the variables table (fb__json_bigint should exist on install)Comment #6
shrop CreditAttribution: shrop at Mediacurrent commented@bayo, that make sense!
I ran the test and confirm that your patch resolves the issue and works as expected following the instructions below.
Description
I did some testing and I think the db_like() statement is not working. It appears to still delete any vars with a single underscore, which isn't right (ex: fb_test would be deleted). I wonder if just using db_query() with \_ to escape the underscores in the WHERE clause would work.
Testing Instructions
Next Steps
Commit to the 7.x-4.x branch
Comment #7
shrop CreditAttribution: shrop at Mediacurrent commentedComment #8
DamienMcKennaDon't forget to unassign the issue after you upload a patch.