Skip to content

[Issue] Fix SQL query quoting/casting when type is passed to where function #29590

New issue
New issue
Closed
#27980
Closed
[Issue] Fix SQL query quoting/casting when type is passed to where function#29590
#27980
Labels
Component: DBFixed in 2.4.xThe issue has been fixed in 2.4-develop branchIssue: ConfirmedGate 3 Passed. Manual verification of the issue completed. Issue is confirmedIssue: Format is validGate 1 Passed. Automatic verification of issue format passedIssue: Ready for WorkGate 4. Acknowledged. Issue is added to backlog and ready for developmentPriority: P3May be fixed according to the position in the backlog.Progress: doneReproduced on 2.4.xThe issue has been reproduced on latest 2.4-develop branchSeverity: S4Affects aesthetics, professional look and feel, “quality” or “usability”.
@m2-assistant

Description

@m2-assistant
m2-assistant
opened on Aug 17, 2020

This issue is automatically created based on existing pull request: #27980: Fix SQL query quoting/casting when type is passed to where function

Framework/DB/Select where function doesn't handle the "type" correctly.

Preconditions (*)

The $type variable can be both string or int, so before comparing it to
'TYPE_CONDITION' string it has to be casted to avoid comparing integer zero
with string (0 == 'TYPE_CONDITION') which will wrongly return true,
and remove the information about type.

Pass type provided to where function down the chain to allow automatic
casting of arrays of values e.g. to int.

This fixes following cases:
1)
$select-->where('attr_table.store_id IN (?)', $storeIds, Zend_Db::INT_TYPE);
2)
$select-->where('attr_table.store_id = ?', $storeId, Zend_Db::INT_TYPE);
In both cases now passed value is correctly casted to int
(either single value, or each value from array)

Related Pull Requests

Fixed Issues (if relevant)

Steps to reproduce:

  1. Make custom select like
    $select->from(['catalog_product_entity'], '*')->where('entity_id in (?)', ['1', 2, 3], \Zend_Db::INT_TYPE);
  2. Check sql
    $select->__toString()

Expected result (*)

SELECT catalog_product_entity.* FROM catalog_product_entity WHERE (entity_id in (1, 2, 3));

Actual result (*)

SELECT catalog_product_entity.* FROM catalog_product_entity WHERE (entity_id in ('1', 2, 3));

Questions or comments

Contribution checklist (*)

  • Pull request has a meaningful description of its purpose
  • All commits are accompanied by meaningful commit messages
  • All new or changed code is covered with unit/integration tests (if applicable)
  • All automated tests passed successfully (all builds are green)

Metadata

Metadata

Assignees

No one assigned

    Labels

    Component: DBFixed in 2.4.xThe issue has been fixed in 2.4-develop branchIssue: ConfirmedGate 3 Passed. Manual verification of the issue completed. Issue is confirmedIssue: Format is validGate 1 Passed. Automatic verification of issue format passedIssue: Ready for WorkGate 4. Acknowledged. Issue is added to backlog and ready for developmentPriority: P3May be fixed according to the position in the backlog.Progress: doneReproduced on 2.4.xThe issue has been reproduced on latest 2.4-develop branchSeverity: S4Affects aesthetics, professional look and feel, “quality” or “usability”.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions