[Tickets #9153] Re: BYTEA DB escaping for postgres driver
bugs at horde.org
Wed Jan 26 12:59:40 UTC 2011
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/9153
------------------------------------------------------------------------------
Ticket | 9153
Updated By | Jan Schneider <jan at horde.org>
Summary | BYTEA DB escaping for postgres driver
Queue | Horde Framework Packages
Version | Git master
Type | Bug
State | Assigned
Priority | 3. High
Milestone | 4.0
Patch |
Owners | Chuck Hagenbuch, Horde Developers
------------------------------------------------------------------------------
Jan Schneider <jan at horde.org> (2011-01-26 07:59) wrote:
The problem is with replacing parameter placeholders in
Horde_Db_Adapter_Base::_replaceParameters(). This is the place where
we call quote() without a column parameter.

When using prepared statements we don't know the column types, and
parsing the prepared statement to query the database for column types
is out of the question.

I see two potential solutions for this:

1) Analyze the column value and encode if necessary, e.g. if seeing a
control character. The problem is that such a character may or may
not appear in the values of such a column.

2) Add a new wrapper class to Horde_Db that represents a value and can
be used for proper quoting, casting, escaping and encoding, e.g.
$value = new Horde_Db_Value($value, 'binary') or even $value = new
Horde_Db_Value_Binary($value).
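
An added sketch of the second option above, not part of the original message and not Horde_Db code: placeholder replacement that lets a wrapper object choose its own quoting, so binary data is encoded without knowing the column type. The names QuotableValue, BinaryValue, quoteText and replaceParameters, the files table and the sample bytes are all assumptions made for illustration.

```php
<?php
// Hypothetical names throughout; this is not the Horde_Db implementation.
interface QuotableValue
{
    public function quote(): string;
}

final class BinaryValue implements QuotableValue
{
    private $bytes;

    public function __construct(string $bytes)
    {
        $this->bytes = $bytes;
    }

    // Hex-encode so NUL bytes, quotes and backslashes never reach the SQL text.
    public function quote(): string
    {
        return "decode('" . bin2hex($this->bytes) . "', 'hex')";
    }
}

// Simplified stand-in for text quoting; a real adapter uses the driver's escaping.
function quoteText(string $value): string
{
    return "'" . str_replace("'", "''", $value) . "'";
}

// Simplified: assumes every "?" in $sql is a placeholder, none inside literals.
function replaceParameters(string $sql, array $args): string
{
    $parts = explode('?', $sql);
    if (count($parts) !== count($args) + 1) {
        throw new InvalidArgumentException('Placeholder count does not match argument count');
    }
    $out = array_shift($parts);
    foreach (array_values($args) as $i => $arg) {
        // The caller states the type by wrapping the value; no column lookup is needed.
        $quoted = $arg instanceof QuotableValue ? $arg->quote() : quoteText((string) $arg);
        $out .= $quoted . $parts[$i];
    }
    return $out;
}

// Constructed sample: PNG magic bytes followed by a NUL, a quote and a backslash.
$blob = "\x89PNG\r\n\x1a\n\x00'\\";
echo replaceParameters('INSERT INTO files (name, data) VALUES (?, ?)', ['logo.png', new BinaryValue($blob)]), "\n";
```

PostgreSQL's decode(text, 'hex') returns bytea, so the emitted statement does not depend on the server's backslash-escape settings.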