[#25056] - [4.0] Add prepared statements for plg_fields_sql
- Fixed in Code Base
- 4 Jan 2020
- Medium
- Build: 4.0-dev
- # 25056
- Diff
- HLeithner:prepared-plg-fields-sql
- Pending Hound Hound is busy sniffing around... Details
User tests: Successful: Unsuccessful:
This PR tries to move the SQL custom field into a prepared statement, at least for the values part.
Summary of Changes
Updated SQL queries to prepared statements and made some cleanups around the queries.
Testing Instructions
- Create a SQL custom field
- Use several SQL queries in the custom field
- check the frontend if the expected result could be found.
Expected result
Nothing changed.
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Front End Plugins |
franz-wohlkoenig
- | Title |
|
||||||
| Labels |
Added:
?
|
||
It's still running an empty query.
| Labels |
Added:
?
|
||
| Labels |
Added:
?
Removed: ? |
||
| Labels |
Added:
?
Removed: ? |
||
I found another problem, if $db->setQuery($query) is not in the try catch construct and the sql query is broken (for example $value is 0 which is not possible any longer) then joomla raise an exception on setQuery because we do a Driver->prepareStatement() in this function.
This is already true for the current implementation...
Also I'm not sure how the query with the HAVING clause could fail and the original query would work.
if you have a query
select id as value, title as text from #__content
then the having variant will always work
select id as value, title as text from #__content HAVING VALUE IN ('1');
if the query fails because no value column exists it will also fail without the having clause because we expect a value column...
What do I miss?
We don't know what kind of query is entered so adding anything could break it. For example if entered query ends in ; the code already fails as it results in this:
select id as value, title as text from #__content; HAVING VALUE IN ('1');
Another case, the query could already have a HAVING clause.
We could avoid the first scenario by loading SQL into the query object and using the API to build having clause instead of directly manipulating SQL.
We could avoid the first scenario by loading SQL into the query object and using the API to build having clause instead of directly manipulating SQL.
Jquery doesn't split the query into parts.
So we should keep it this way until someone builds the ultimate query builder ;)
Hm, you're right. Although we could still use query methods for HAVING clause. But it's fine either way. Just lowercase and quote value please because it's a column name.
| Labels |
Added:
?
Removed: ? |
||
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/25056.
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/25056.
| Status | Pending | ⇒ | Ready to Commit |
RTC
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/25056.
infograf768
- | Labels |
Added:
?
Removed: ? |
||
rdeutz
- | Status | Ready to Commit | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2020-01-04 14:14:22 |
| Closed_By | ⇒ | rdeutz |
Hope it's ok now @shanginn