🐛 Incorrect insertion of FragmentInterface parameters in direct database queries #168

Open
1 task done
iGrog opened this issue Mar 21, 2024 · 1 comment
iGrog commented Mar 21, 2024

No duplicates 🥲.

  • I have searched for a similar issue in our bug tracker and didn't find any solutions.

Database

MySQL

What happened?

    $orderGuids = [Guid::generate()]; // Guid implements FragmentInterface

    $sql = <<<SQL
    SELECT SUM(ShippedQuantity) AS quantity, ProductGuid, ShipmentGuid, OrderGuid
    FROM shipments
    WHERE OrderGuid IN (?)
    GROUP BY ProductGuid, ShipmentGuid, OrderGuid
    SQL;

    $result = $this->database->query($sql, $orderGuids)->fetchAll();

expected query:

    SELECT SUM(ShippedQuantity) AS quantity, ProductGuid, ShipmentGuid, OrderGuid
    FROM shipments
    WHERE OrderGuid IN (UUID_TO_BIN('018a02d9-ae58-bd7d-db14-400350da139f'))
    GROUP BY ProductGuid, ShipmentGuid, OrderGuid

actual query: (UUID_TO_BIN is missing)

    SELECT SUM(ShippedQuantity) AS quantity, ProductGuid, ShipmentGuid, OrderGuid
    FROM shipments
    WHERE OrderGuid IN ('018a02d9-ae58-bd7d-db14-400350da139f')
    GROUP BY ProductGuid, ShipmentGuid, OrderGuid

Version

database 2.8.1
PHP 8.3
@iGrog iGrog added status:to be verified Needs to be reproduced and validated. type:bug Bug labels Mar 21, 2024
@roxblnfk roxblnfk assigned msmakouz and unassigned roxblnfk Mar 21, 2024
@roxblnfk roxblnfk added this to Cycle Mar 21, 2024
@msmakouz msmakouz moved this to In Progress in Cycle Mar 25, 2024
@roxblnfk (Member) commented:

It's impossible to send a value plus a function instead of just a value in a prepared statement.

@roxblnfk roxblnfk added type:question Further information is requested and removed type:bug Bug status:to be verified Needs to be reproduced and validated. labels Mar 28, 2024
@msmakouz msmakouz moved this from In Progress to Done in Cycle Mar 28, 2024
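
The point of the reply above, as an added example (not code from the issue or from Cycle): a placeholder carries a value only, so a SQL function has to be written in the statement text around the placeholder. Assumptions: plain PDO with in-memory SQLite standing in for MySQL, a PHP emulation of `UUID_TO_BIN`, and the hypothetical helpers `uuidPlaceholders` and `countMatches`.

```php
<?php
declare(strict_types=1);

// Constructed demo: in-memory SQLite stands in for MySQL so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Assumption: emulate MySQL's UUID_TO_BIN() for SQLite only (PHP 8.3 PDO API).
$pdo->sqliteCreateFunction(
    'UUID_TO_BIN',
    static fn (string $uuid): string => hex2bin(str_replace('-', '', $uuid)),
    1
);

$pdo->exec('CREATE TABLE shipments (OrderGuid BLOB, ShippedQuantity INTEGER)');
$guid = '018a02d9-ae58-bd7d-db14-400350da139f'; // value quoted in the issue
$pdo->prepare('INSERT INTO shipments VALUES (UUID_TO_BIN(?), ?)')
    ->execute([$guid, 5]);

/** Placeholder list with the function in the SQL text; values stay bound. */
function uuidPlaceholders(array $uuids): string
{
    if ($uuids === []) {
        throw new InvalidArgumentException('IN () needs at least one value');
    }
    return implode(', ', array_fill(0, count($uuids), 'UUID_TO_BIN(?)'));
}

/** Hypothetical helper: count rows matched by "OrderGuid IN (<placeholders>)". */
function countMatches(PDO $pdo, string $placeholders, array $params): int
{
    $stmt = $pdo->prepare(
        "SELECT COUNT(*) FROM shipments WHERE OrderGuid IN ($placeholders)"
    );
    $stmt->execute($params);
    return (int) $stmt->fetchColumn();
}

$cases = [
    // Bare placeholder, as in the issue: the UUID is compared as a plain string.
    'bare placeholder'      => ['?', [$guid]],
    // Function text passed as the parameter: still data, never run as SQL.
    'function as parameter' => ['?', ["UUID_TO_BIN('$guid')"]],
    // Function in the statement text, UUID bound as its argument.
    'function in SQL text'  => [uuidPlaceholders([$guid]), [$guid]],
];
foreach ($cases as $label => [$placeholders, $params]) {
    printf("%-22s %d row(s)\n", $label, countMatches($pdo, $placeholders, $params));
}
```

Only the third case finds the stored row. The second case is the same property that makes bound parameters resistant to SQL injection: whatever is bound is compared as data and never parsed as SQL.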