phpgroupware-tracker
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-tracker] [bugs #3374>] Bad SQL and poor relation in /regis

From: Dave Hall
Subject: [Phpgroupware-tracker] [bugs #3374>] Bad SQL and poor relation in /registration/inc/class.soreg.inc.php
Date: Wed, 21 Apr 2004 04:10:50 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040405 Firefox/0.8 
This mail is an automated notification from the bugs tracker
 of the project: phpGroupWare.

/**************************************************************************/
[bugs #3374>] Latest Modifications:

Changes by: 
                Dave Hall <address@hidden>
'Date: 
                Wed 04/21/04 at 08:10 (Australia/Melbourne)

            What     | Removed                   | Added
---------------------------------------------------------------------------
            Priority | 5 - Normal                | 3 - Low
         Assigned to | skwashd                   | jengo


------------------ Additional Follow-up Comments ----------------------------
jengo's app.  registration was not included in 16 afaik.






/**************************************************************************/
[bugs #3374>] Full Item Snapshot:

URL: <http://savannah.gnu.org/bugs/?func=detailitem&item_id=3374>>
Project: phpGroupWare
Submitted by: Kai Hofmann
On: Tue 04/29/03 at 09:06

Category:  registration
Item Group:  devel cvs
Severity:  5 - Average
Priority:  3 - Low
Resolution:  None
Assigned to:  jengo
Status:  Open
Component Version:  None
Platform Version:  None
Reproducibility:  Every Time


Summary:  Bad SQL and poor relation in /registration/inc/class.soreg.inc.php 

Original Submission:  The SQL statement I found here is wrong - because in SQL 

phpgw_addressbook.lid='*$account_lid*'

is not what you want - correct it must be:

phpgw_addressbook.lid like '%$account_lid%'

last but not least referencing two tables in this way is absolutly evil! 
primary and foreign keys should always
be of the same type without a pattern matching!

                        $GLOBALS['phpgw']->db->query("select * from 
phpgw_accounts, phpgw_addressbook where account_lid='$account_lid' and 
phpgw_addressbook.lid='*$account_lid*'",__LINE__,__FILE__);
./registration/inc/class.soreg.inc.php


Follow-up Comments
------------------


-------------------------------------------------------
Date: Wed 04/21/04 at 08:10         By: skwashd
jengo's app.  registration was not included in 16 afaik.

-------------------------------------------------------
Date: Wed 04/21/04 at 07:42         By: cboettger
is this still valid?
Kai, did you provide a patch?













For detailed info, follow this link:
<http://savannah.gnu.org/bugs/?func=detailitem&item_id=3374>>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]