ado oci8 variables issue

[fmomin]

Variable passing (e.g. Date Range) from VARIABLE to MySQL based connection of ADO works perfectly. However passing variables from VARIABLE to ORACLE/OCI8 connection of ADO fails.

ADO MySQL Connect String: 'uri'=>'mysql://username:password@localhost/database' ADO OCI8 Connect String: 'uri' => 'oci8://username:password@TNS'

ADO MySQL CODE: -- VARIABLE: { -- name: "range", -- display: "Report Range", -- type: "daterange", -- default: { start: "-1 year", end: "yesterday" } -- }

SELECT * FROM ost_ticket where created BETWEEN '{{ range.start }}' AND '{{ range.end }}'

ADO OCI8 CODE: -- VARIABLE: { -- name: "range", -- display: "Report Range", -- type: "daterange", -- default: { start: "-1 year", end: "yesterday" } -- }

SELECT * from DBA_USERS where created BETWEEN '{{ range.start }}' AND '{{ range.end }}'

[fmomin]

This is probably due to the use of mysql_real_escape_string in AdoReportType.php

[jdorn]

I think this is a duplicate of #122

The attempted solution was to use AdoDB's qstr method instead of mysql_real_escape_string, but apparently that has escaping problems of it's own. Any ideas are welcome.

[fmomin]

Although this is not the ideal solution but I was able to run Oracle driver for ADO by replacing mysql_real_escape_string with mysql_escape_string on following lines in file AdoReportType.php:

Line 110: Original Code: $value[$key2] = mysql_real_escape_string(trim($value2)); Replaced Code: $value[$key2] = mysql_escape_string(trim($value2));

Line 116: Original Code: $macros[$key] = mysql_real_escape_string($value); Replaced Code: $macros[$key] = mysql_escape_string($value);

[fmomin]

I tried using qstr function mentioned in #122 , however, it for some reason qstr prepends and appends html quotes to string and the end result is <& # 0 3 9 ;>. The alternative at the moment to remove those extra quotes is use trim function of PHP

Line 110: $value[$key2] = trim( $report->conn->qstr(trim($value2)) , "'" );

Line 116: $macros[$key] = trim( $report->conn->qstr($value) , "'" );