[Tickets #6552] DB Error: syntax error when searching with no criteria

bugs at horde.org bugs at horde.org
Mon Mar 31 23:13:33 UTC 2008


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/6552
-----------------------------------------------------------------------
 Ticket             | 6552
 Created By         | php at ideacode.com
 Summary            | DB Error: syntax error when searching with no criteria
 Queue              | Hermes
 Type               | Bug
 State              | Unconfirmed
 Priority           | 1. Low
 Milestone          | 
 Patch              | 
 Owners             | 
+New Attachment     | issue.diff
-----------------------------------------------------------------------


php at ideacode.com (2008-03-31 19:13) wrote:

As a user with hermes:review permission, click Search in the top menu bar,
then -- without selecting any criteria -- click Search immediately.  A "DB
Error: syntax error" is returned, when I expect to see all entered hours.

In non-reviewer cases, the "employee" criterion is always passed
implicitly, as that's the filter used to limit that person's search.  Thus
inspecting $sql at hermes/lib/Driver/sql.php:280 shows $filters as:
array(2) {
  ["employee"]=>
  string(21) "pmvaleri at ideacode.com"
  ["link_page"]=>
  string(10) "search.php"
}

When doing that same query as a reviewer, however, $filters is:
array(1) {
  ["link_page"]=>
  string(10) "search.php"
}

The problem is that $filters contains one entry, which causes the WHERE
clause keyword to be inserted into the SQL statement, but then no actual
criteria are added after the WHERE clause, since link_page is not a
criterion but an option being passed in for the function to use otherwise.

The best fix is to insert the WHERE keyword only when certain there's
actually a where clause.  Unified diff attached.




More information about the bugs mailing list