Open fmomin opened 10 years ago
This is probably due to the use of mysql_real_escape_string in AdoReportType.php
I think this is a duplicate of #122
The attempted solution was to use AdoDB's qstr
method instead of mysql_real_escape_string
, but apparently that has escaping problems of it's own. Any ideas are welcome.
Although this is not the ideal solution but I was able to run Oracle driver for ADO by replacing mysql_real_escape_string with mysql_escape_string on following lines in file AdoReportType.php:
Line 110: Original Code: $value[$key2] = mysql_real_escape_string(trim($value2)); Replaced Code: $value[$key2] = mysql_escape_string(trim($value2));
Line 116: Original Code: $macros[$key] = mysql_real_escape_string($value); Replaced Code: $macros[$key] = mysql_escape_string($value);
I tried using qstr function mentioned in #122 , however, it for some reason qstr prepends and appends html quotes to string and the end result is <& # 0 3 9 ;>. The alternative at the moment to remove those extra quotes is use trim function of PHP
Line 110: $value[$key2] = trim( $report->conn->qstr(trim($value2)) , "'" );
Line 116: $macros[$key] = trim( $report->conn->qstr($value) , "'" );
Variable passing (e.g. Date Range) from VARIABLE to MySQL based connection of ADO works perfectly. However passing variables from VARIABLE to ORACLE/OCI8 connection of ADO fails.
ADO MySQL Connect String: 'uri'=>'mysql://username:password@localhost/database' ADO OCI8 Connect String: 'uri' => 'oci8://username:password@TNS'
ADO MySQL CODE: -- VARIABLE: { -- name: "range", -- display: "Report Range", -- type: "daterange", -- default: { start: "-1 year", end: "yesterday" } -- }
SELECT * FROM ost_ticket where created BETWEEN '{{ range.start }}' AND '{{ range.end }}'
ADO OCI8 CODE: -- VARIABLE: { -- name: "range", -- display: "Report Range", -- type: "daterange", -- default: { start: "-1 year", end: "yesterday" } -- }
SELECT * from DBA_USERS where created BETWEEN '{{ range.start }}' AND '{{ range.end }}'