Open GoogleCodeExporter opened 9 years ago
LtDbHandle->bindParameter has a potential bug when binding values.

1. Suppose `$parameter = array('prefix'=>1, 'prefix_a'=>2, 'prefix_b'=>3);`
2. Call `bindParameter($sql, $parameter);`
3. The last two bindings are matched by the shortest key, which triggers the bug: for example, the placeholder for prefix_a comes out as "<delimiter>prefix<delimiter>_a" instead of the expected "<delimiter>prefix_a<delimiter>"!

The source code is as follows:

```php
public function bindParameter($sql, $parameter)
{
    $delimiter = "\x01\x02\x03";
    // Suggest adding this statement: reverse the order so longer keys match first, which fixes this bug
    krsort($parameter);
    foreach ($parameter as $key => $value) {
        $newPlaceHolder = "$delimiter$key$delimiter";
        $find[] = $newPlaceHolder;
        if ($value instanceof LtDbSqlExpression) {
            $replacement[] = $value->__toString();
        } else {
            $replacement[] = "'" . $this->connectionAdapter->escape($value, $this->connectionResource) . "'";
        }
        // This is the statement that causes the short-match bug
        $sql = str_replace(":$key", $newPlaceHolder, $sql);
    }
    return str_replace($find, $replacement, $sql);
}
```
Original issue reported on code.google.com by wcly201...@126.com on 30 Mar 2013 at 8:08
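Added example (not part of the original report and not LotusPHP's own code): a stand-alone reproduction of the prefix collision described above, comparing the original key order, the proposed `krsort()` order, and a single-pass alternative that matches whole placeholder names. The function names, the sample SQL and `quote()` are hypothetical; `quote()` only stands in for `connectionAdapter->escape()`.

```php
<?php
// Added example, not LotusPHP code. quote() is a hypothetical stand-in for
// connectionAdapter->escape(); addslashes() is NOT a safe SQL escaper and is
// used here only so the script runs without a database connection.
function quote($value)
{
    return "'" . addslashes((string) $value) . "'";
}

// Same two-step substitution as the reported method.
// $sortKeys toggles the krsort() proposed in the issue.
function bindByReplace($sql, array $parameter, $sortKeys)
{
    $delimiter = "\x01\x02\x03";
    $find = $replacement = array();
    if ($sortKeys) {
        krsort($parameter); // a key that extends another key now comes first
    }
    foreach ($parameter as $key => $value) {
        $placeHolder = $delimiter . $key . $delimiter;
        $find[] = $placeHolder;
        $replacement[] = quote($value);
        // Substring match: ":prefix" also matches inside ":prefix_a"
        $sql = str_replace(":$key", $placeHolder, $sql);
    }
    return str_replace($find, $replacement, $sql);
}

// Alternative: one pass that matches each whole placeholder name, so the
// order of keys is irrelevant and bound values are never rescanned.
// Assumption: ":name" never appears inside SQL string literals or as part
// of a "::" cast; a real binder would need to tokenize the SQL to know that.
function bindByToken($sql, array $parameter)
{
    return preg_replace_callback('/:(\w+)/', function ($m) use ($parameter) {
        return array_key_exists($m[1], $parameter) ? quote($parameter[$m[1]]) : $m[0];
    }, $sql);
}

// Constructed sample input using the keys from the report.
$sql = 'SELECT * FROM t WHERE a = :prefix AND b = :prefix_a AND c = :prefix_b';
$parameter = array('prefix' => 1, 'prefix_a' => 2, 'prefix_b' => 3);

echo bindByReplace($sql, $parameter, false), "\n"; // original key order
echo bindByReplace($sql, $parameter, true), "\n";  // with krsort()
echo bindByToken($sql, $parameter), "\n";          // whole-name matching
```

With the original key order, the value of `prefix` is bound in all three positions and the `_a` / `_b` suffixes are left outside the quotes; the other two calls bind each key to its own value. Driver-level prepared statements avoid the string substitution altogether.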