Undesired fixed value after beforeSave

A place for users and developers of the Xataface to discuss and receive support.

Post by VeillecoJulien » Wed Jan 23, 2013 2:07 am

Hello everybody,

I'm currently working with the latest stable version of Xataface and I had a problem while developing a function to check some SQL requests.
In fact, in my page containing the users and their profiles, I have a field called 'sql_vco_affaires', and in this field I put some custom and sometimes fancy requests that are hard to generate automatically otherwise. So when I create the client profile, I just put the SQL request in that field and later the client will be able to just execute it. (only SELECT something requests)
So I tried to verify the requests, just to see if they throw an error, so here is my function:

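function beforeSave(&$record)
{
   $app =& Dataface_Application::getInstance();
   // SQL text stored in the profile field that is being saved
   $query = $record->strval('sql_vco_affaires');
   // Run the stored statement on the application's connection to see whether MySQL accepts it
   $res = mysql_query($query, $app->db());
   // Read the error from the same connection the query ran on
   $sql_error = mysql_error($app->db());
   if (!$res)
   {
      // Abort the save and show the MySQL error on the form (message: "there is an error in your SQL query")
      return PEAR::raiseError($sql_error . ", il y a une erreur dans votre requête SQL.", DATAFACE_E_NOTICE);
   }
}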


(don't tell me, I know I need to complete the conditions in the "if", that's just the beginning)
It works fine, it checks the SQL request, but then when the error is raised on the page, it's just impossible to change the request. It seems to be saved or fixed: I write another request in the 'sql_vco_affaires' field, but when I try to save it again, or even when I click "next" to modify some other fields of the user, the new value isn't even taken into consideration. It just checks and shows me the first value it checked. :/
Let's say I want to check "SELECT * FROM LOL;": it will raise an error because the LOL table doesn't exist. So I erase "SELECT * FROM LOL;" and replace it with "SELECT * FROM users;" for example. But when I click "save" (or when I click "next" and then come back to the page) it throws the previous error back at me, and the value displayed in the field and also checked is the previous one too!

I don't understand why, so I'm here to ask for help. :P
Thanks in advance! (and excuse me if my English isn't perfect: I'm French)
VeillecoJulien
 
Posts: 6
Joined: Tue Jan 22, 2013 9:00 am

Re: Undesired fixed value after beforeSave

Post by shannah » Wed Jan 23, 2013 9:49 am

Very interesting use case. Of course, this means you must *completely* trust your user as he could issue a "drop database" statement, or worse.

Does the field save properly if you don't run the query in it in the beforeSave() request?
--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm
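
Added example, not part of the thread and not Xataface's own code: one way to enforce the "only SELECT" assumption from the first post and to validate the field with EXPLAIN instead of running the stored statement, written with the thread's legacy mysql_* calls (available in PHP 5 only). The helper name vco_select_only_error and the delegate class name tables_users are hypothetical.

```php
<?php
// Added example, not code from the thread. Conservative allow-list check:
// one statement, SELECT only, no comments, no file output. A guard, not a SQL parser.
function vco_select_only_error($sql)            // hypothetical helper name
{
    $sql = rtrim(trim($sql), "; \t\r\n");       // tolerate a trailing semicolon
    if ($sql === '') {
        return 'empty query';
    }
    if (strpos($sql, ';') !== false) {
        return 'more than one statement';
    }
    if (preg_match('~/\*|--|#~', $sql)) {       // also blocks /*! ... */ executable comments
        return 'SQL comments are not allowed';
    }
    if (!preg_match('/^SELECT\b/i', $sql)) {
        return 'only SELECT statements are allowed';
    }
    if (preg_match('/\bINTO\s+(OUTFILE|DUMPFILE)\b/i', $sql)) {
        return 'SELECT ... INTO OUTFILE/DUMPFILE writes files and is not allowed';
    }
    return null;                                // passed every check
}

class tables_users                              // hypothetical delegate class; table name assumed
{
    function beforeSave(&$record)
    {
        $query = $record->strval('sql_vco_affaires');
        $why = vco_select_only_error($query);
        if ($why !== null) {
            return PEAR::raiseError("sql_vco_affaires rejected: $why", DATAFACE_E_NOTICE);
        }
        // EXPLAIN has MySQL parse and plan the statement, so syntax errors and
        // unknown tables are reported instead of the query's result set being returned.
        $app =& Dataface_Application::getInstance();
        $sql = 'EXPLAIN ' . rtrim(trim($query), "; \t\r\n");
        if (!mysql_query($sql, $app->db())) {
            return PEAR::raiseError(mysql_error($app->db()), DATAFACE_E_NOTICE);
        }
    }
}

// Constructed sample inputs for the string check (runs without Xataface).
foreach (array('SELECT * FROM users;', 'DROP DATABASE app',
               'SELECT 1; DELETE FROM users') as $q) {
    $why = vco_select_only_error($q);
    echo $q, ' => ', ($why === null ? 'accepted' : $why), "\n";
}
```

The string check is a guard, not a boundary: the account that later executes these stored queries should be granted only SELECT on the tables they need.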

Re: Undesired fixed value after beforeSave

Post by VeillecoJulien » Thu Jan 24, 2013 1:20 am

In fact I'm the only one who can create "users", users themselves can't edit their preferences. If they want to add something here, they just ask me. Of course if it wasn't the case it would be waaaay too dangerous.

Yes it saves it and changes it correctly in the database and in the form.
VeillecoJulien
 
Posts: 6
Joined: Tue Jan 22, 2013 9:00 am

Re: Undesired fixed value after beforeSave

Post by shannah » Thu Jan 24, 2013 9:53 am

So, to be clear. Suppose you have query A and query B, where query B is a valid SQL query and A is an invalid SQL query (i.e. would throw an error if run in mysql_query()).

On your form you begin with sql_vco_affaires empty. You enter query A into the sql_vco_affaires field and click save. It gives you an error message on the form and the form is not saved. At this point the form shows query A in the sql_vco_affaires field, but it is highlighted as error input.

So you paste query B into the sql_vco_affaires field, and click save. It too comes back with an error. At this point the sql_vco_affaires field still contains query A, and is marked as an error.

Is this correct?
--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Re: Undesired fixed value after beforeSave

Post by VeillecoJulien » Thu Jan 24, 2013 10:03 am

Exactly.
That's it.

And I really don't understand why.
VeillecoJulien
 
Posts: 6
Joined: Tue Jan 22, 2013 9:00 am

Re: Undesired fixed value after beforeSave

Post by shannah » Thu Jan 24, 2013 10:06 am

I don't understand why that would be either. You may want to do some debugging to try to get more information about why that query step is screwing things up. It doesn't make sense.
--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Re: Undesired fixed value after beforeSave

Post by VeillecoJulien » Thu Jan 24, 2013 10:11 am

How can I try to debug it? I don't really know how to do it...
VeillecoJulien
 
Posts: 6
Joined: Tue Jan 22, 2013 9:00 am

Re: Undesired fixed value after beforeSave

Post by shannah » Mon Jan 28, 2013 9:37 am

Well, as a starting place you already know that it works if you don't perform the query inside beforeSave(), right? I would put echo statements (followed by exit) into your beforeSave() and afterSave() triggers to see what query is actually being run and whether values are being changed... Just follow the trail with echo statements and something should pop up.

-Steve
--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Re: Undesired fixed value after beforeSave

Post by VeillecoJulien » Thu Feb 07, 2013 2:30 am

I will check this as soon as I can, thank you.
VeillecoJulien
 
Posts: 6
Joined: Tue Jan 22, 2013 9:00 am

