zendframework / zf1

This project reached its end-of-life on 2016-09-28. Contains conversion of ZF1 subversion repo to git, from version 15234 forward, and only containing master and release-1.12 branches and 1.12 tags.
https://framework.zend.com/blog/2016-06-28-zf1-eol.html
BSD 3-Clause "New" or "Revised" License

Db\Statement->_parseParameters() bad handling of commented single quote #742

Closed lukevi closed 7 years ago

lukevi commented 7 years ago

```php
/** @var $s \Zend_Db_Statement */
$s->prepare("/* */ SELECT ':0'"); // fine
$s->prepare("/*'*/ SELECT ':0'"); // throws Zend_Db_Statement_Exception, "Invalid bind-variable name ':0'"
```

Not sure whether this is the job of _stripQuoted or _parseParameters.
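A simplified model of the failure reported above, as an added example that is not part of the original issue and not ZF1's own code: a quote stripper that ignores comments pairs the commented `'` with the literal's opening quote and leaves `:0` exposed as a placeholder, while a single scan that treats comments and literals as alternatives does not. The function names and regexes are assumptions made for illustration, and the sample statements are constructed from the report's two cases (a block comment without and with a single quote inside).

```php
<?php
// Added illustration; a simplified model, not Zend_Db_Statement's source.

// Quoted literal: '...' or "...", with backslash and doubled-quote escapes.
const QUOTED = <<<'RE'
'(?:[^'\\]|\\.|'')*'|"(?:[^"\\]|\\.|"")*"
RE;

// Comment-unaware stripping: every quote character is taken as a literal delimiter.
function stripQuotedNaive(string $sql): string
{
    return preg_replace('~' . QUOTED . '~s', '', $sql);
}

// Comment-aware stripping: comments and literals are alternatives of one
// left-to-right scan, so whichever construct opens first consumes its body.
// A quote inside /* */ is comment text; a "--" inside a literal is literal text.
function stripQuotedAndComments(string $sql): string
{
    return preg_replace('~/\*.*?\*/|--[^\n]*|' . QUOTED . '~s', '', $sql);
}

// What is left after stripping is searched for ? and :name placeholders.
function findPlaceholders(string $stripped): array
{
    preg_match_all('~\?|:[A-Za-z0-9_]+~', $stripped, $m);
    return $m[0];
}

// Constructed inputs modelled on the two cases in the report.
$statements = [
    "/* */ SELECT ':0'",
    "/*'*/ SELECT ':0'",
];

foreach ($statements as $sql) {
    $naive = findPlaceholders(stripQuotedNaive($sql));
    $aware = findPlaceholders(stripQuotedAndComments($sql));
    printf("%-20s naive=[%s] comment-aware=[%s]\n",
        $sql, implode(',', $naive), implode(',', $aware));
}
```

The same ordering matters in the other direction: a `--` or `/*` that appears inside a string literal must be consumed as literal text, which the single alternation handles because the literal opens first.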

froschdesign commented 7 years ago

We are sorry, but ZF1 reaches its End of Life (EOL).