db_query() prevents to insert string '{'

Get help from other users here.

Moderators: Developer, Contributor

Post Reply
bielefek
Posts: 1
Joined: 25 Nov 2020, 10:10

db_query() prevents to insert string '{'

Post by bielefek »

Hello,

im new to this forum & new to mantis development too.
I have an issue with an update query.
Query/Code looks like:

Code: Select all

 $filterString= "{";
        $update_filter_query = "UPDATE mantis_filters_table SET filter_string='".$filterString."';
        
        # execute SQL query
        $update_filter_query_result = db_query($update_filter_query);

        # print results
        var_dump($update_filter_query);  //result displayed is as wanted '{'
In DB the inserted value is: 'mantis_'
--> not as wanted '{'


The issue seems to be in process_sql_syntax() in DbQuery.class.php:

Code: Select all

$this->db_query_string = strtr( $this->db_query_string,
			array( '{' => $s_prefix, '}' => $s_suffix )
			);

Any ideas for a workaround?
I've searched in this forum and in web, but as i said im quiet new to the "mantis-world" and got no workaround yet.
cas
Posts: 988
Joined: 11 Mar 2006, 16:08
Contact:

Re: db_query() prevents to insert string '{'

Post by cas »

Which version are you running?
Where is this code coming from?
dregad
Developer
Posts: 56
Joined: 26 Jul 2010, 14:24

Re: db_query() prevents to insert string '{'

Post by dregad »

Our database abstraction layer uses the syntax {xxx} as placeholder for internal table names, e.g.

Code: Select all

select * from {bug}
Currently the code just performs a blind
replacement
of '{' by the table prefix, and ' }' by the suffix. This should be done in a more discerning manner.

Unfortunately, there is currently no way to escape this, so I would suggest that you open an issue at https://mantisbt.org/bugs to track the problem.
Post Reply