Page 1 of 1

Undesired fixed value after beforeSave

PostPosted: Wed Jan 23, 2013 2:07 am
by VeillecoJulien
Hello everybody,

I'm actually working with the latest stable version of Xataface and I had a problem while developing a function to check some SQL request.
In fact in my page containing the users and their profile, I have a field called 'sql_vco_affaires' and in this field I put some custom and sometimes fancy request hard to make automatically elseway. So when I create the client profile, I just put the request SQL in that field and later the client will be able to just execute them. (only SELECT something requests)
So I tried to verify the request, just to see if they throw me an error so here is my function :

Code: Select all
function beforeSave(&$record)
{
   $app =& Dataface_Application::getInstance();
   $query =$record->strval('sql_vco_affaires');
   $res = mysql_query($query, $app->db());
   $sql_error = mysql_error();
   if (!$res)
   {
      return PEAR::raiseError($sql_error . ", il y a une erreur dans votre requĂȘte SQL.", DATAFACE_E_NOTICE);
   }
}


(don't tell me, I know I need to complete the conditions in the "if", that's just the beginning)
It works fine, it checks the SQL request but then when the error is raised on the page, it's just impossible to change the request. It seems to be save or fixed, I write another request in the 'sql_vco_affaires' field but when I try to save them again or even when I click "next" to modify some other fields of the user, the new value isn't even took in consideration. It just checks and show me the first value it checked. :/
Let's say I want to check "SELECT * FROM LOL;" it will raise me an error because the LOL table doesn't exist. So I erase "SELECT * FROM LOL;" and replace it by "SELECT * FROM users;" for example. But when I click "save" (or when I click "next" and then come back to the page) it throws me back the previous error and the value displayed in the field and also checked it the previous one too !

I don't understand why, so I'm here to ask for help. :P
Thanks in advance ! (and excuse me if my english isn't perfect : I'm French)

Re: Undesired fixed value after beforeSave

PostPosted: Wed Jan 23, 2013 9:49 am
by shannah
Very interesting use case. Of course, this means you must *completely* trust your user as he could issue a "drop database" statement, or worse.

Does the field save properly if you don't run the query in it in the beforeSave() request?

Re: Undesired fixed value after beforeSave

PostPosted: Thu Jan 24, 2013 1:20 am
by VeillecoJulien
In fact I'm the only one who can create "users", users themselves can't edit their preferences. If they want to add something here, they just ask me. Of course if it wasn't the case it would be waaaay too dangerous.

Yes it saves it and changes it correctly in the database and in the form.

Re: Undesired fixed value after beforeSave

PostPosted: Thu Jan 24, 2013 9:53 am
by shannah
So, to be clear. Suppose you have query A and query B, where query B is a valid SQL query and A is an invalid SQL query (i.e. would throw an error if run in mysql_query()).

On your form you begin with sql_vco_affaires empty. You enter query A into the sql_vco_affaires field and click save. It gives you an error message on the form and the form is not saved. At this point the form shows query A in the sql_vco_affaires field, but it is highlighed as error input.

So you paste query B into the sql_vco_affaires field, and click save. It too comes back with an error. At this point the sql_vco_affaires field still contains query A, and is marked as an error.

Is this correct?

Re: Undesired fixed value after beforeSave

PostPosted: Thu Jan 24, 2013 10:03 am
by VeillecoJulien
Exactly.
That's it.

And I really don't understand why.

Re: Undesired fixed value after beforeSave

PostPosted: Thu Jan 24, 2013 10:06 am
by shannah
I don't understand why that would be either. You may want to do some debugging to try to get more information about why that query step is screwing things up. It doesn't make sense.

Re: Undesired fixed value after beforeSave

PostPosted: Thu Jan 24, 2013 10:11 am
by VeillecoJulien
How can I try to debugg it ? I don't really know how to do it...

Re: Undesired fixed value after beforeSave

PostPosted: Mon Jan 28, 2013 9:37 am
by shannah
Well, as a starting place you already know that it works if you don't perform the query inside beforeSave(), right? I would put echo statements (followed by exit) into your beforeSave() and afterSave() triggers to see what query is actually being run and whether values are being changed... Just follow the trail with echo statements and something should pop up.

-Steve

Re: Undesired fixed value after beforeSave

PostPosted: Thu Feb 07, 2013 2:30 am
by VeillecoJulien
I will check this as soon as I can, thank you.