[Phpmyadmin-devel] Two big bugs

Hi All! Here are two really annoying bugs I've been reported: 1. select * from aTable where afield <123 select * from aTable where afield like "arg" Before these kind of queries are submitted to MySQL, the 'htmlspecialchars' function is applied on them (db_readdump.php3, line 62). Then the '<' and '"' characters are replaced by their html entities and, of course, MySQL fails to run the transformed query. The question is: does anyone of you knows why the 'htmlspecialchars' funtion is applied at this stage? I've just tried to comment this line and can't face any problem! 2. select * from link LIMIT 1,5 This kind of query always fails because of an invalid derived query at lines 82-94 in sql.php3 Greets, Loïc ______________________________________________________________________________ ifrance.com, l'email gratuit le plus complet de l'Internet ! vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP... http://www.ifrance.com/_reloc/email.emailif

Hi, i've found another _new_ bug: type: "show table status from aTable" this results a lot of warnings plus Can't read dir of './aTable/' (Errcode: 2) The Problem is in line 79 in sql.php3. Loic, can you look also about this problem? -- Steve
-----Original Message----- From: phpmyadmin-devel-admin@lists.sourceforge.net [mailto:phpmyadmin-devel-admin@lists.sourceforge.net]On Behalf Of Loïc Sent: Friday, July 13, 2001 1:09 AM To: phpMyAdmin Subject: [Phpmyadmin-devel] Two big bugs
Hi All!
Here are two really annoying bugs I've been reported:
1. select * from aTable where afield <123 select * from aTable where afield like "arg"
Before these kind of queries are submitted to MySQL, the 'htmlspecialchars' function is applied on them (db_readdump.php3, line 62). Then the '<' and '"' characters are replaced by their html entities and, of course, MySQL fails to run the transformed query.
The question is: does anyone of you knows why the 'htmlspecialchars' funtion is applied at this stage? I've just tried to comment this line and can't face any problem!
2. select * from link LIMIT 1,5
This kind of query always fails because of an invalid derived query at lines 82-94 in sql.php3
Greets, Loïc
__________________________________________________________________ ____________ ifrance.com, l'email gratuit le plus complet de l'Internet ! vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP... http://www.ifrance.com/_reloc/email.emailif
_______________________________________________ Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net http://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel

Yes I added the htmlspecialchars to handle bug 439565, but maybe it's not a good fix. Marc Loïc a écrit :
Hi All!
Here are two really annoying bugs I've been reported:
1. select * from aTable where afield <123 select * from aTable where afield like "arg"
Before these kind of queries are submitted to MySQL, the 'htmlspecialchars' function is applied on them (db_readdump.php3, line 62). Then the '<' and '"' characters are replaced by their html entities and, of course, MySQL fails to run the transformed query.
The question is: does anyone of you knows why the 'htmlspecialchars' funtion is applied at this stage? I've just tried to comment this line and can't face any problem!

Why not trying : $variable = preg_replace("/&/","&",$variable); ? Jocelyn Fournier Presence-PC www.presence-pc.com ----- Original Message ----- From: "Marc Delisle" <DelislMa@CollegeSherbrooke.qc.ca> To: <phpmyadmin-devel@lists.sourceforge.net> Sent: Friday, July 13, 2001 2:43 PM Subject: Re: [Phpmyadmin-devel] Two big bugs Yes I added the htmlspecialchars to handle bug 439565, but maybe it's not a good fix. Marc Loïc a écrit :
Hi All!
Here are two really annoying bugs I've been reported:
1. select * from aTable where afield <123 select * from aTable where afield like "arg"
Before these kind of queries are submitted to MySQL, the 'htmlspecialchars' function is applied on them (db_readdump.php3, line 62). Then the '<' and '"' characters are replaced by their html entities and, of course, MySQL fails to run the transformed query.
The question is: does anyone of you knows why the 'htmlspecialchars' funtion is applied at this stage? I've just tried to comment this line and can't face any problem!
_______________________________________________ Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net http://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel

Good idea! Loic, are you working on this? Maybe the htmlspecialchars I added in db_readdump.php3 and lib.inc.php3 should be removed? "Fournier Jocelyn [Presence-PC]" a écrit :
Why not trying :
$variable = preg_replace("/&/","&",$variable);
?
Jocelyn Fournier Presence-PC www.presence-pc.com
----- Original Message ----- From: "Marc Delisle" <DelislMa@CollegeSherbrooke.qc.ca> To: <phpmyadmin-devel@lists.sourceforge.net> Sent: Friday, July 13, 2001 2:43 PM Subject: Re: [Phpmyadmin-devel] Two big bugs
Yes I added the htmlspecialchars to handle bug 439565, but maybe it's not a good fix.
Marc
Loïc a écrit :
Hi All!
Here are two really annoying bugs I've been reported:
1. select * from aTable where afield <123 select * from aTable where afield like "arg"
Before these kind of queries are submitted to MySQL, the 'htmlspecialchars' function is applied on them (db_readdump.php3, line 62). Then the '<' and '"' characters are replaced by their html entities and, of course, MySQL fails to run the transformed query.
The question is: does anyone of you knows why the 'htmlspecialchars' funtion is applied at this stage? I've just tried to comment this line and can't face any problem!
_______________________________________________ Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net http://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
_______________________________________________ Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net http://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel

This generates the following weird query: select * from link limit 1,5 LIMIT 0, 30 phpMyAdmin likes to add "LIMIT 0,30" to every query put in the query box, we will have to make it forget this bad habit :) Are you working on this bug? Marc Loïc a écrit :
2. select * from link LIMIT 1,5
This kind of query always fails because of an invalid derived query at lines 82-94 in sql.php3
Greets, Loïc

On Fri, Jul 13, 2001 at 09:00:04AM -0400, Marc Delisle wrote:
This generates the following weird query: select * from link limit 1,5 LIMIT 0, 30
phpMyAdmin likes to add "LIMIT 0,30" to every query put in the query box, we will have to make it forget this bad habit :)
what about adding the limit instruction only if it is not in the query string yet ? would just be a regexp... Olivier -- _________________________________________________________________ Olivier Mueller - om@8304.ch - PGPkeyID: 0E84D2EA - Switzerland qmail projects: http://omail.omnis.ch - http://webmail.omnis.ch
participants (5)
-
Fournier Jocelyn [Presence-PC]
-
Loïc
-
Marc Delisle
-
Olivier M.
-
Steve Alberty