[patch] Type of foreign key not being checked

E

Eduardo Trápani

Guest
Hi,

Some of my foreign keys are chars, but the script does not quote them when building the 'where' clause.

For example:

select ... where country_iso_code=uy

instead of

select ... where country_iso_code='uy'

I fixed that by adding a parameter to build_linked_field_values_ar with the content_field and checking if it's numeric or not inside the function.

It works, but it's not elegant at all. The people who know the source code can surely do better at solving this.

--- business_logic.php.orig Tue Apr 27 15:24:17 2004
+++ business_logic.php Tue Apr 27 15:16:11 2004
@@ -2246,7 +2246,8 @@
$linked_fields_field = $fields_labels_ar[$i]["linked_fields_field"];
$linked_fields_ar = explode($fields_labels_ar[$i]["separator_field"], $linked_fields_field);

- $linked_field_values_ar = build_linked_field_values_ar($field_value, $primary_key_field_field, $primary_key_table_field, $primary_key_db_field, $linked_fields_ar);
+ $field_aux = $fields_labels_ar[$i]["content_field"];
+ $linked_field_values_ar = build_linked_field_values_ar($field_value, $primary_key_field_field, $primary_key_table_field, $primary_key_db_field, $linked_fields_ar,$field_aux);
/*
if (substr($foreign_key_temp, 0, 4) == "SQL:"){
$sql = substr($foreign_key_temp, 4, strlen($foreign_key_temp)-4);
@@ -2380,7 +2381,8 @@
$linked_fields_field = $fields_labels_ar[$i]["linked_fields_field"];
$linked_fields_ar = explode($fields_labels_ar[$i]["separator_field"], $linked_fields_field);

- $linked_field_values_ar = build_linked_field_values_ar($details_row[$field_name_temp], $primary_key_field_field, $primary_key_table_field, $primary_key_db_field, $linked_fields_ar);
+ $field_aux = $fields_labels_ar[$i]["content_field"];
+ $linked_field_values_ar = build_linked_field_values_ar($details_row[$field_name_temp], $primary_key_field_field, $primary_key_table_field, $primary_key_db_field, $linked_fields_ar,$field_aux);
/*
if (substr($foreign_key_temp, 0, 4) == "SQL:"){
$sql = substr($foreign_key_temp, 4, strlen($foreign_key_temp)-4);
@@ -2861,7 +2863,7 @@
$res_update = execute_db($sql_update_other, $conn);
} // end function udpate_options($fields_labels_ar_i, $field_name, $field_value_other)

-function build_linked_field_values_ar($field_value, $primary_key_field_field, $primary_key_table_field, $primary_key_db_field, $linked_fields_ar)
+function build_linked_field_values_ar($field_value, $primary_key_field_field, $primary_key_table_field, $primary_key_db_field, $linked_fields_ar,$field_type)
// goal: build the array containing the linked field values starting from a mail field value
// input: $primary_key_field_field, $primary_key_table_field, $primary_key_db_field, $linked_fields_ar
// output: linked_field_values_ar
@@ -2875,7 +2877,10 @@
$sql .= $quote.$linked_fields_ar[$i].$quote.", ";
} // end for
$sql = substr($sql, 0, -2); // delete the last ", "
- $sql .= " FROM ".$quote.$primary_key_table_field.$quote." WHERE ".$quote.$primary_key_field_field.$quote." = ".$field_value;
+ if (strcmp($field_type,"numeric") != 0)
+ $sql .= " FROM ".$quote.$primary_key_table_field.$quote." WHERE ".$quote.$primary_key_field_field.$quote." = " ."\"".$field_value ."\"";
+ else
+ $sql .= " FROM ".$quote.$primary_key_table_field.$quote." WHERE ".$quote.$primary_key_field_field.$quote." = ".$field_value;

// execute the select query
$res_linked_fields = execute_db($sql, $conn);
@@ -2933,4 +2938,4 @@

return $sql;
} // end function build_select_part()
-?>
\ No newline at end of file
+?>
 
E

Eugenio

Guest
Eduardo Trápani wrote:

> Hi,
>
> Some of my foreign keys are chars, but the script does not
> quote them when building the 'where' clause.
>
> For example:
>
> select ... where country_iso_code=uy
>
> instead of
>
> select ... where country_iso_code='uy'

[....]

It seems quite strange, all the fields are quoted in select queries, look at the build_where_clause() function.


(Latest version of DaDaBIK when this message was posted: 3.0 beta)
 
E

Eugenio

Guest
Eduardo Trápani wrote:

> Hi,
>
> Some of my foreign keys are chars, but the script does not
> quote them when building the 'where' clause.
>
> For example:
>
> select ... where country_iso_code=uy
>
> instead of
>
> select ... where country_iso_code='uy'
>
> I fixed that by adding a parameter to
> build_linked_field_values_ar with the content_field and
> checking if it's numeric or not inside the function.

[....]

You are right, the problem exists, thanks for having reported it.
Changing the line:
$sql .= " FROM ".$quote.$primary_key_table_field.$quote." WHERE ".$quote.$primary_key_field_field.$quote." = ".$field_value;
to:
$sql .= " FROM ".$quote.$primary_key_table_field.$quote." WHERE ".$quote.$primary_key_field_field.$quote." = '".$field_value."'";
in the function build_linked_field_values_ar() (file /include/business_logic.php) should be enough to fix it.



(Latest version of DaDaBIK when this message was posted: 3.0 beta)
 
Top