[Solar-talk] Patch for Solar_Content_Abstract
Travis Swicegood
development at domain51.com
Mon Oct 2 14:31:57 PDT 2006
Travis Swicegood wrote:
> The article does make sense. The kicker, as we discussed earlier, is
> that SQLite doesn't seem to like the following SQL:
>
> HAVING COUNT(id) = "1"
>
> But it will accept:
>
> HAVING COUNT(id) = 1
>
> Seems that version SQLite 3.2.8 has issues with quotes around numeric
> values. Anyone else hit this problem?
>
> The solution, of course, is to not quote that value. The having() call
> can be modified to the following:
>
> ->having('COUNT(nodes.id = ' . count(tags))
>
> But that doesn't fix the larger issue, that all integers that are passed
> through the quoting mechanisms will (may?) not work properly. The long
> term solution is to fix the SQL escaping to look to is_numeric() or some
> other similar function to figure out if it should be escaped.
>
> Anyone have any comments on this? There's a bug open at in Trac:
> http://solarphp.com/trac/ticket/10
This looks like it might be an issue with PDO. I imagine PDO should be
smart enough to know how to escape the various types for use in a query,
but it seems to want to escape integers which SQLite doesn't like.
Any thoughts on not using PDO's native escape mechanism when dealing
with integers? It's already overridden to some extent for handling arrays.
-Travis
More information about the solar-talk
mailing list