Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 163490 - PEAR::DB autoExecute function does not work when updating with WHERE clause
Summary: PEAR::DB autoExecute function does not work when updating with WHERE clause
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: php
Version: 3.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Joe Orton
QA Contact: David Lawrence
Depends On:
Blocks: 170417
TreeView+ depends on / blocked
Reported: 2005-07-18 10:18 UTC by Christian Rose
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

Fixed In Version: RHSA-2006-0276
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2006-04-25 14:27:22 UTC
Target Upstream Version:

Attachments (Terms of Use)
Patch that fixes the problem in PEAR::DB (deleted)
2005-07-18 10:18 UTC, Christian Rose
no flags Details | Diff

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2006:0276 normal SHIPPED_LIVE Moderate: php security update 2006-04-25 04:00:00 UTC

Description Christian Rose 2005-07-18 10:18:11 UTC
Description of problem:

The current php package in RHEL 3 includes version 1.3 of the PEAR DB package.
That version has a problem that will be triggered in some cases, for example
when using the PEAR::DB autoExecute() function for updating a row in a table by
using a WHERE clause.

Consider the following example MySQL table:

  CREATE TABLE `products` (
    `id` int(11) NOT NULL auto_increment,
    `name` varchar(32) NOT NULL default '',
    `price` double NOT NULL default '0',
    PRIMARY KEY  (`id`)

  INSERT INTO `products` VALUES (1, 'banana', 1);
  INSERT INTO `products` VALUES (2, 'apple', 0.5);
  INSERT INTO `products` VALUES (3, 'pear', 0.7);

Consider the following example PHP code (a valid $db object is assumed):

  $result = $db->autoExecute('products',
                             array('id' => 2, 'name' => 'sweetapple',
                                   'price' => '1.42'),
                             'id = 2');
  if (PEAR::isError($result)) {
      echo $result->getMessage() . "<br/>\n";
      echo $result->getUserInfo() . "<br/>\n";
      echo $result->getCode() . "<br/>\n";

The above code will generate the following error output:

  DB Error: insufficient data supplied
  UPDATE products SET id = ?,name = ?,price = ? WHERE UPDATE products SET id =
?,name = ?,price = ?

This is because there is a simple and well-known[1] bug in the buildManipSQL()
function in DB/common.php, which the attached patch fixes. With the attached
patch applied, the SQL update code above executes without error.


Version-Release number of selected component (if applicable):

How reproducible:

Every time.

Comment 1 Christian Rose 2005-07-18 10:18:11 UTC
Created attachment 116861 [details]
Patch that fixes the problem in PEAR::DB

Comment 2 Joe Orton 2005-08-15 11:13:23 UTC
Thanks for the report and for finding the patch.

Comment 3 Christian Rose 2005-08-20 15:29:28 UTC
This problem appears to still be present in php-4.3.2-25.ent.

Comment 4 Christian Rose 2005-11-10 21:33:42 UTC
This problem appears to still be present in php-4.3.2-26.ent.

Comment 7 Red Hat Bugzilla 2006-04-25 14:27:22 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

Comment 8 Issue Tracker 2007-07-06 17:33:59 UTC
CRM closed, closing this

Internal Status set to 'Resolved'
Status set to: Closed by Tech
Resolution set to: 'Auto Closed'

This event sent from IssueTracker by pdemauro 
 issue 83190

Note You need to log in before you can comment on or make changes to this bug.