FirebirdSQL / fdb

Firebird Driver for Python
https://www.firebirdsql.org/en/devel-python-driver/

String parameters are incorrectly checked for their size and destroy query #18

Closed kilroy42 closed 3 years ago

kilroy42 commented 3 years ago

Example query:

SELECT FIRST 10 "CUSTOMER_ADDRESSES"."CITYCODE" FROM "CUSTOMER_ADDRESSES" WHERE "CUSTOMER_ADDRESSES"."CITYCODE" LIKE ?

Example args:

['%0123456789%']

Structure of table:

CITYCODE (VC10) VARCHAR(10) CHARACTER SET ISO8859_1 Nullable COLLATE DE_DE

What happens: Error: Value of parameter (0) is too long, expected 10, found 12

What is expected: It should work

It checks the length of an argument that is supposed to land in a function (LIKE). The size of the argument should NOT be checked since it can be of any length (think: longer regex).

Solution: Remove the check code in https://github.com/FirebirdSQL/fdb/blob/master/fdb/fbcore.py#L3141 or somehow restrict the code to INSERT/UPDATE/REPLACE statements.

mrotteveel commented 3 years ago

This is a limitation in Firebird: the parameter is described with the same length as the column. As a workaround, you will need to cast the parameter to a longer type, for example:

WHERE "CUSTOMER_ADDRESSES"."CITYCODE" LIKE cast(? as varchar(50))

See also http://tracker.firebirdsql.org/browse/CORE-3559
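
Added example, not part of the thread or of fdb: one way to apply the cast workaround from application code while the search term stays a bound parameter instead of being pasted into the SQL text. The helper names, the identifier whitelist, the 50-character minimum width and the backslash escape character are assumptions made for this sketch.

```python
import re

FB_VARCHAR_MAX = 32765   # Firebird's VARCHAR limit in bytes (= characters
                         # for single-byte sets such as ISO8859_1)
ESC = "\\"               # LIKE escape character chosen for this example
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_$]*")


def quote_ident(name):
    """Double-quote a table/column name; accept plain names only."""
    if not _IDENT.fullmatch(name):
        raise ValueError(f"unsafe identifier: {name!r}")
    return f'"{name}"'


def escape_like(term):
    """Make %, _ and the escape character in user text match literally."""
    for ch in (ESC, "%", "_"):   # escape character first
        term = term.replace(ch, ESC + ch)
    return term


def like_contains(table, column, term, first=10, min_width=50):
    """Return (sql, params) for a 'contains' search using the cast workaround."""
    t, c = quote_ident(table), quote_ident(column)
    pattern = "%" + escape_like(term) + "%"
    # The pattern is longer than the raw term (wildcards, escapes), so size
    # the cast from the pattern rather than from the column definition.
    width = max(int(min_width), len(pattern))
    if width > FB_VARCHAR_MAX:
        raise ValueError("search pattern too long for VARCHAR")
    sql = (f"SELECT FIRST {int(first)} {t}.{c} FROM {t} "
           f"WHERE {t}.{c} LIKE CAST(? AS VARCHAR({width})) ESCAPE '{ESC}'")
    return sql, [pattern]   # the value itself is still bound, never inlined


if __name__ == "__main__":
    # Table, column and search term taken from the report above.
    sql, params = like_contains("CUSTOMER_ADDRESSES", "CITYCODE", "0123456789")
    print(sql)
    print(params)
```

Pass the returned pair to the driver unchanged, for example `cursor.execute(sql, params)`.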