View Issue Details

ID: 0008571
Project: mantisbt
Category: db mysql
View Status: public
Last Update: 2014-01-26 10:51
Reporter: jreese
Assigned To: grangeway
Priority: normal
Severity: crash
Reproducibility: always
Status: closed
Resolution: fixed
Target Version: 1.2.0rc1
Fixed in Version: 1.2.0rc1
Summary: 0008571: Using db_param() inside db_helper_like() causes SQL error
Description

With bound queries, using db_param() inside a call to db_helper_like() will result in a bad query to the database, and will break the world. As it currently is, raw parameters must still be used in db_helper_like(), and that goes against the point of bound queries.

Steps To Reproduce

<code>
$query = "SELECT COUNT(*) FROM $t_category_table
WHERE project_id=" . db_param(0) . " AND " . db_helper_like( 'name', db_param(1) );
$count = db_result( db_query_bound( $query, array( $c_project_id, $c_name ) ) );
</code>

results in this error (note that 'dht' was the value of $c_name in this example):

<code>
Database query failed. Error received from database was 0001064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'dht'')' at line 2 for the query: SELECT COUNT(*) FROM mantis_category_table
WHERE project_id=? AND (name LIKE '?')
</code>

Tags: No tags attached.
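An added illustration (not MantisBT's code and not part of the original report) of why a bind marker placed inside a quoted literal breaks a bound query. It assumes the driver emulates binding by textual substitution, which is consistent with the `''dht''` fragment in the error above. The names `like_quoted`, `like_bound`, `emulate_bind` and `count_real_placeholders` are hypothetical, and the parameter values are constructed.

```php
<?php
// Added illustration; function names are hypothetical, not MantisBT's API.

// Mirrors the failing query: the value is always wrapped in quotes.
function like_quoted(string $field, string $value): string {
    return "($field LIKE '$value')";
}

// Placeholder-aware variant: a bind marker stays outside any string literal.
// In this sketch a lone "?" is taken to be the marker.
function like_bound(string $field, string $value): string {
    if ($value === '?') {
        return "($field LIKE ?)";
    }
    return "($field LIKE '" . str_replace("'", "''", $value) . "')";
}

// Toy emulated binder (assumption): substitutes each "?" left to right,
// without checking whether it sits inside a quoted literal.
function emulate_bind(string $sql, array $params): string {
    $parts = explode('?', $sql);
    if (count($parts) - 1 !== count($params)) {
        throw new InvalidArgumentException('placeholder/parameter count mismatch');
    }
    $out = array_shift($parts);
    foreach ($parts as $i => $part) {
        $p = $params[$i];
        $out .= (is_int($p) ? (string) $p : "'" . str_replace("'", "''", $p) . "'") . $part;
    }
    return $out;
}

// Markers a server-side prepare would bind: "?" left after dropping '...' literals.
function count_real_placeholders(string $sql): int {
    return substr_count(preg_replace("/'[^']*'/", '', $sql), '?');
}

$params = [1, 'dht']; // constructed sample values
$head = 'SELECT COUNT(*) FROM mantis_category_table WHERE project_id=? AND ';
foreach (['like_quoted', 'like_bound'] as $helper) {
    $sql = $head . $helper('name', '?');
    echo $helper, ': ', count_real_placeholders($sql), " real marker(s)\n";
    echo '  ', emulate_bind($sql, $params), "\n";
}
```

With the quoted helper only one marker is a real parameter while two values are supplied, so a substituting binder nests a quoted value inside the existing quotes.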

Activities

rhurtik

2009-01-19 10:30

reporter   ~0020656

Hi guys.
Could you post some steps to reproduce to get the error?

jreese

2009-03-30 10:03

reporter   ~0021287

This seems to no longer be a problem.