#2867 (DB-dependant escaping)

Ticket #2867 (new defect)

Opened 5 months ago

DB-dependant escaping

Reported by: birne
Assigned to: trivoallan
Priority: major
Milestone:
Component: sfPropelActAsNestedSetBehaviorPlugin
Version: 1.0.10
Keywords: db-dependent quote quoting
Cc:
Qualification: Unreviewed

Description

sfPropelActAsNestedSetBehavior relies on DB-dependent code - e.g. in sfPropelActAsNestedSetBehavior.class.php on line 967:

      $scope_sql = sprintf(' AND %s = "%s"', self::getColumnConstant($stub_name, 'scope'), $scopeId);

Please notice esp. the double quotes, which are used in PostgreSQL for quoting identifiers.

I haven't looked into it much further, but I must assume there are many more such DB dependencies.
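
The quoting problem described in this ticket, shown as an added example that is not part of the ticket or of the plugin's code: a double-quoted value is parsed as an identifier, while a bound parameter is always treated as data. It assumes PHP with PDO and the pdo_sqlite driver instead of the plugin's own database layer; the `node` table, its rows and the helper function names are constructed for illustration.

```php
<?php
// Added example, not plugin code. Table, columns and rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE node (id INTEGER PRIMARY KEY, scope TEXT, title TEXT)');
$db->exec("INSERT INTO node (scope, title) VALUES
    ('title', 'root A'), ('x', 'x'), ('title', 'root B')");

// Pattern quoted in the ticket: the value is wrapped in double quotes via sprintf().
// (Hypothetical helper name; only the format string comes from the ticket.)
function scopeSqlQuoted($column, $scopeId)
{
    return sprintf(' AND %s = "%s"', $column, $scopeId);
}

// Portable form: a placeholder in the SQL text, the value passed separately.
// The driver handles quoting, so no database-specific quote character is needed.
function scopeSqlBound($column, $scopeId)
{
    return array(sprintf(' AND %s = ?', $column), array($scopeId));
}

// Run the scope clause against the constructed table and return matching ids.
function fetchIds(PDO $db, $where, array $params = array())
{
    $stmt = $db->prepare('SELECT id FROM node WHERE 1 = 1' . $where . ' ORDER BY id');
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed scope value that happens to equal a column name.
$scopeId = 'title';

// Double quotes make "title" an identifier, so the clause compares the
// scope column with the title column instead of with the string 'title'.
echo "quoted: ", implode(',', fetchIds($db, scopeSqlQuoted('scope', $scopeId))), "\n";

// The bound value is compared as a string, whatever the database's quoting rules.
list($where, $params) = scopeSqlBound('scope', $scopeId);
echo "bound:  ", implode(',', fetchIds($db, $where, $params)), "\n";
```

On PostgreSQL a double-quoted value that matches no column name makes the statement fail with an unknown-column error rather than return rows.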