New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Medoo internal regex alters my insertion values #1071
Comments
The Check out the Prepared Statement section. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Information
Describe the Problem
I was running an INSERT query with a string value like '<[email protected]>', and Medoo replaced my < > with quotes leaving it like "xxxxx@xxxx"."com".
After investigating, I found line 664 (function buildRaw), this function is applying a preg_replace to the query:
'/(([`']).?)?((FROM|TABLE|INTO|UPDATE|JOIN|TABLE IF EXISTS)\s)?<(([\p{L}][\p{L}\p{N}@$#-])(.[\p{L}][\p{L}\p{N}@$#-])?)>([^,]*?\2)?/u'
This regex is also modifying string values inside single quotes 'xxxxx', so I asked ChatGPT to fix it 😂 It gave me this:
'/(([`']).?)?((FROM|TABLE|INTO|UPDATE|JOIN|TABLE IF EXISTS)\s)?(?<!')<(([\p{L}][\p{L}\p{N}@$#-])(.[\p{L}][\p{L}\p{N}@$#-])?)>(?!')([^,]*?\2)?/u'
And it works! I haven't tested if it causes other problems, but for now so far everything's working fine and the bug is solved.
Detail Code
Simply run this query:
Expected output
It should save exactly what you write, but instead, If you check the database after insertion, you will see:
"C5TBEC76-9DC0-4758-9FA1-21DDO6B91D59@mail"."com"
** I know that parameters shouldn't be passed like that, directly in the string, but doesn't change the fact that Medoo shouldn't alter the value in this way, so I assumed it's a bug.
The text was updated successfully, but these errors were encountered: