Skip Menu |
 

This queue is for tickets about the DBIx-Class CPAN distribution.

Report information
The Basics
Id: 35953
Status: rejected
Priority: 0/
Queue: DBIx-Class

People
Owner: Nobody in particular
Requestors: rrichter [...] jcvi.org
Cc:
AdminCc:

Bug Information
Severity: Critical
Broken in: 0.08010
Fixed in: (no value)

Attachments
0001-Fixes-to-properly-handle-quoting-by-data-type-in-NoB.patch



Subject: DBIx::Class::Storage::DBI::NoBindVars improperly quotes all variables
Download (untitled) / with headers
text/plain 1.8k
I am using DBIx::Class 0.0810, perl v5.8.8 built for i686-linux-thread-multi, and DBD::Sybase 1.07 built against native Sybase drivers for Adaptive Server 12.5. I have tested with TDS-based drivers, but no longer know the version. NoBindVars.pm quotes every parameter, which works fine for mysql, which does automatic conversion between string and number formats, but not for Sybase, which simply throws the error 'Implicit conversion from datatype 'VARCHAR' to 'INT' is not allowed. Use the CONVERT function to run this query.' (with, of course, the proper datatype instead of INT) on any data conversion. I cannot vouch for MS-SQL not performing automatic data type conversion. This means that you cannot perform any SQL operations at all on non-Character data types. As far as I can tell, NoBindVars.pm is only used in Sybase drivers. Sybase native and TDS drivers handle variable binding quite well, actually. In fact, they automatically cache any statement with bound variables as a temporary stored procedure. However, because of the way stored procedures work in Sybase, if you use IDENTITY (ie. AUTO INCREMENT) columns and bind variables on an insert, you cannot get the last_insert_id value. Therefore, insert, but not select, delete, or update queries, need to have the values inserted into the query directly instead of being bound, because that is the only time an IDENTITY column can be set. This also fixes the problem that BLOB fields cannot be inserted as bound variables. BLOB fields cannot be used as parameters in SELECT statements, so that is a non-issue. However update of BLOB fields is not properly handled in this patch. I was unable to find a place to get the bind_attributes in the chain. Therefore, I modified NoBindVars to actually bind SELECT,DELETE,UPDATE, which is definitely suboptimal for the module name, but perfectly acceptable for functionality in Sybase.
Subject: 0001-Fixes-to-properly-handle-quoting-by-data-type-in-NoB.patch

Message body is not shown because it is too large.

Download (untitled) / with headers
text/plain 523b
On Fri May 16 17:04:01 2008, rrichter@jcvi.org wrote: Show quoted text
> I was unable to find a place to get the bind_attributes in the chain. > Therefore, I modified NoBindVars to actually bind SELECT,DELETE,UPDATE, > which is definitely suboptimal for the module name, but perfectly > acceptable for functionality in Sybase.
That's almost certainly going to break things for other users. Please subscribe to dbix-class@lists.scsys.co.uk and post your issue and a test patch there so we can have a proper discussion about how to fix it.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.