MantisBT

View Issue Details
ID: 0005829
Project: AContent
Category: User Interface
View Status: public
Date Submitted: 2018-01-03 17:49
Last Update: 2018-02-01 18:17
Reporter: greg
Assigned To: cindy
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version:
Target Version:
Fixed in Version: 1.4
Summary: 0005829: bind_param failures
Description:
LINE 115 include/classes/DAO/TestsQuestionsDAO.class.php DONE

$valuestmp = implode(',', $questionIDsArray);
$values = &$valuestmp;
$types = "s";
return $this->execute($sql, $values, $types);

DONE Line 85 include/classes/DAO/PrimaryResourcesDAO.class.php (IN $glued_pri_ids)
DONE Line 329 home/editor/editor_tab_functions.inc.php IN ($tids)
DONE Line 120 include/classes/DAO/MyownPatchesDAO.class.php ($fieldName)
DONE Line 77 include/classes/DAO/MailQueueDAO.class.php ($mids)
DONE Line 63 include/classes/DAO/UserGroupPrivilegeDAO.class.php ($fieldName)
Tags: No tags attached.

Notes
(0007673)
greg (administrator)
2018-01-05 09:34
edited on: 2018-01-13 16:48

DONE How to validate SET ".$fieldName."='".$fieldValue."' when using bind_param

Line 143 include/classes/DAO/UserGroupsDAO.class.php

(0007675)
greg (administrator)
2018-01-06 14:29

How to bind_param a sql filter expression?
Line 76 oauth/ims-blti/blti.php ($parm['key_column'] ? $parm['key_column'] : 'oauth_consumer_key')
(0007676)
greg (administrator)
2018-01-06 14:36

Hi Cindy, Hope you had a great holiday break.

I've been working on replacing addslashes throughout AContent. I've come up with this list of places (including in the comments) where prepare/bind_param do not seem to work. Hoping you might have an idea how to deal with these. Primarily in an IN statement, and where col/val are dynamic (e.g. SET ".$fieldName."='".$fieldValue."), and where a SQL filter expression is being used.

Much of the replacement is done, so you should be able to clone the master branch to get them all. I'll be committing more over the next little while. Planning to be done in the next week or two, if you can suggest some solution, or perhaps commit some fixes.

thx
greg
(0007679)
greg (administrator)
2018-01-11 19:29

$num_of_ids = count($array_of_ids);

...IN ('.substr(str_repeat("? , ", $num_of_ids), 0, -2).')';
$values = $array_of_ids;
$types .= str_pad("", $num_of_ids, "i");
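
One way to handle the two cases raised in the notes above (a variable-length IN list, and a dynamic column name in SET), as an added example that is not AContent code: the table name, column names and helper functions are hypothetical, and PHP 7.1+ is assumed. Placeholders can stand only for values, so the column name is checked against a fixed allow-list instead of being bound.

```php
<?php
// Added example, not AContent code. Table, columns and helpers are hypothetical.

/** Build "?, ?, ?" and a matching mysqli type string for an IN (...) list. */
function in_clause(array $ids, string $type = 'i'): array
{
    if ($ids === []) {
        // "IN ()" is a MySQL syntax error, so the caller must skip the query.
        throw new InvalidArgumentException('IN list must not be empty');
    }
    $ids = array_values($ids);
    $marks = implode(', ', array_fill(0, count($ids), '?'));
    return [$marks, str_repeat($type, count($ids)), $ids];
}

/** Identifiers cannot be bound, so accept only names from a fixed allow-list. */
function safe_column(string $name, array $allowed): string
{
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException("column not allowed: $name");
    }
    return '`' . $name . '`';
}

/** Returns [sql, types, values] for updating one column on a set of ids. */
function build_update(string $field, string $value, array $ids): array
{
    $col = safe_column($field, ['title', 'description']); // hypothetical columns
    [$marks, $idTypes, $idValues] = in_clause($ids);
    $sql = "UPDATE tests SET $col = ? WHERE test_id IN ($marks)"; // hypothetical table
    return [$sql, 's' . $idTypes, array_merge([$value], $idValues)];
}

// Constructed input: a value containing a quote, and three ids.
[$sql, $types, $values] = build_update('title', "Greg's quiz", [3, 7, 12]);
echo $sql, "\n", $types, "\n";
// With a live connection ($db, a mysqli object) the statement would run as:
//   $stmt = $db->prepare($sql);
//   $stmt->bind_param($types, ...$values);
//   $stmt->execute();

// Constructed input: a column name that is not on the allow-list is refused.
try {
    build_update('not_a_column', 'x', [1]);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```
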
(0007685)
greg (administrator)
2018-01-31 18:18

fixes throughout a bunch of commits, to address bind_param challenges
(0007722)
greg (administrator)
2018-02-01 18:17

Resolved in AContent 1.4

Issue History
Date Modified | Username | Field | Change
2018-01-03 17:49 | greg | New Issue |
2018-01-03 18:05 | greg | Description Updated |
2018-01-03 18:18 | greg | Description Updated |
2018-01-03 18:28 | greg | Description Updated |
2018-01-04 10:50 | greg | Description Updated |
2018-01-04 10:59 | greg | Description Updated |
2018-01-04 14:12 | greg | Severity | major => minor
2018-01-04 14:12 | greg | Description Updated |
2018-01-04 15:05 | greg | Description Updated |
2018-01-05 08:18 | greg | Description Updated |
2018-01-05 09:34 | greg | Note Added: 0007673 |
2018-01-05 10:11 | greg | Description Updated |
2018-01-05 10:32 | greg | Description Updated |
2018-01-06 09:50 | greg | Description Updated |
2018-01-06 12:21 | greg | Description Updated |
2018-01-06 14:11 | greg | Note Added: 0007674 |
2018-01-06 14:29 | greg | Note Added: 0007675 |
2018-01-06 14:29 | greg | Assigned To | => cindy
2018-01-06 14:29 | greg | Status | new => assigned
2018-01-06 14:36 | greg | Note Added: 0007676 |
2018-01-06 14:37 | greg | Summary | bind_params failures => bind_param failures
2018-01-07 09:11 | greg | Note Added: 0007677 |
2018-01-11 19:24 | greg | Description Updated |
2018-01-11 19:29 | greg | Note Added: 0007679 |
2018-01-11 19:36 | greg | Description Updated |
2018-01-11 19:36 | greg | Note Deleted: 0007674 |
2018-01-11 19:40 | greg | Note Deleted: 0007677 |
2018-01-13 16:47 | greg | Description Updated |
2018-01-13 16:48 | greg | Note Edited: 0007673 |
2018-01-31 18:18 | greg | Note Added: 0007685 |
2018-01-31 18:18 | greg | Status | assigned => resolved
2018-01-31 18:18 | greg | Fixed in Version | => 1.4
2018-01-31 18:18 | greg | Resolution | open => fixed
2018-02-01 18:17 | greg | Note Added: 0007722 |
2018-02-01 18:17 | greg | Status | resolved => closed

