search

Yitzchok / subsonicproject

Automatically exported from code.google.com/p/subsonicproject
0 stars 0 forks source link

Problem when saving "null" string #49

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Take any object with a string property.  
2. Set one string property to the string "null" (not the actual null value)
3. Save the object. 

What is the expected output? What do you see instead?
The database should save the string to the database as with any other 
string. 

However, 
a) if the column is nullable, Notice that the value of the string is now 
null (instead of "null").
b) if the column is not nullable, an exception is thrown. 
(System.Reflection.TargetInvocationException: Exception has been thrown by 
the target of an invocation. ---> System.Data.SqlClient.SqlException: 
Cannot insert the value NULL into column '{0}', table '{1}'; column does 
not allow nulls. INSERT fails.)

What version of the product are you using? On what operating system?
v2.1 on win2k8 64bit

Please provide any additional information below.
http://forums.subsonicproject.com/forums/p/3431/16932.aspx#16932

I don't know if anyone relies on this "null"->null behaviour, but it breaks 
my application. I see this as an important security risk and would like to 
have the option to disable this feature.

Original issue reported on code.google.com by jason.ke...@gmail.com on 22 Feb 2009 at 1:59

GoogleCodeExporter commented 9 years ago 
This is a weird one - it's actually not a SubSonic thing, try to do this with a 
SqlCommand and see what happens :).

I'm working on something here...

Original comment by robcon...@gmail.com on 9 Apr 2009 at 2:37

GoogleCodeExporter commented 9 years ago 
Can I suggest for your apps that you pass 'null'? I literally cannot find a way 
around this - ADO is setting the command up to pass "null" without single 
quotes 
(which is what the DB requires) and I can't figure out a way around it.

I have to shelve this for now - and I hate to say it but I might suggest you 
escape "null" to "'null'" - I tried this but it adds the quotes to the DB.

Original comment by robcon...@gmail.com on 9 Apr 2009 at 2:41

GoogleCodeExporter commented 9 years ago 
The actual bug is not with:
string s = "\"null\"";

It is with: 
string s = "null";

Original comment by jason.ke...@gmail.com on 9 Apr 2009 at 2:44

GoogleCodeExporter commented 9 years ago 
Can you post the relevant code block and/or create a unit test that reveals the 
ADO 
problem? We could post that on stackoverflow.

Original comment by jason.ke...@gmail.com on 9 Apr 2009 at 3:47

GoogleCodeExporter commented 9 years ago 
Right - no I get that. It's that we build a DbCommand up, add a parameter with 
DbType.String, set it to "null", which gets executed somehow as "SET 
column=NULL".

I've looked and looked - I'll keep looking but I can't figure this out!

resetting to Accepted so JK doesn't shoot me

Original comment by robcon...@gmail.com on 9 Apr 2009 at 3:57

GoogleCodeExporter commented 9 years ago 
SqlDataProvider. Method AddParams. Found this: 

                   //fix for NULLs as parameter values
                    if (param.ParameterValue == null || Utility.IsMatch
(param.ParameterValue.ToString(), "null"))
                    {
                        sqlParam.Value = DBNull.Value;
                    }

Original comment by jason.ke...@gmail.com on 9 Apr 2009 at 4:05

GoogleCodeExporter commented 9 years ago 
I'm wrong - DOH! you found it :). I could not imagine this was in there. Oh 
well...
Fixed with revision 515

Original comment by robcon...@gmail.com on 9 Apr 2009 at 4:08