zendframework/zend-db

Unable to render TableGateway select object without notice

Closed this issue · 6 comments

I am getting the following message when trying to debug any SQL into string:

Notice: Attempting to quote a value in Zend\Db\Adapter\Platform\Mysql without extension/driver 
support can introduce security vulnerabilities in a production environment in 
D:\RZECZY_ADAMA\_XAMPP\xampp-5.6\htdocs\zend3\vendor\zendframework\zend-db\src\Adapter\Platform\AbstractPlatform.php on line 110

Code:

public function selectWith(Select $select) {
    $select->getSqlString(new \Zend\Db\Adapter\Platform\Mysql());
    return parent::selectWith($select);
}

And config:

'db' => array(
    'driver' => 'Pdo',
    'platform' => 'Mysql',
    'dsn' => 'mysql:dbname=test;host=localhost',
    'driver_options' => array(
        1002 => 'SET NAMES \'UTF8\''
    ),
),

Objects from the Platform namespace are used for generic SQL syntax generation when converting objects to SQL and passing them to the adapter. But there are variations between platforms which the generic platform class cannot predict, so it is best for the framework to ask the specific driver you wish to use how to do something (especially filtering/quoting). E.g. the MySQLi vs. PDO Mysql adapters will do it differently. You have not provided an actual adapter, hence the error.

$select->getSqlString(
   new \Zend\Db\Adapter\Platform\Mysql(
      // Leading backslash so the class resolves from inside a namespaced file
      new \Zend\Db\Adapter\Driver\Mysqli\Mysqli($dbConfigs)
   )
);

Might help, if you are doing this manually. Otherwise, the adapter object you need is already instantiated somewhere, if you are using a table gateway, for example.

Thanks @alextech for such a quick reply.

I was indeed working inside TableGateway, yet a simple $this->adapter did not do the trick.
However I've managed to get it finally working:

class TableGateway extends \Zend\Db\TableGateway\TableGateway
{
    public function selectWith(Select $select) {
        echo $select->getSqlString(new \Zend\Db\Adapter\Platform\Mysql($this->adapter->driver));
        return parent::selectWith($select);
    }
}

It looks quite bad though; is there any way to use the current platform in TableGateway? Or even better: pre-defaulting the platform for getSqlString(), apart from extending the Select object?

Cheers.

It's for debugging purposes. Hydrators don't sound like a good idea. I am using Zend\Debug::dump() for displaying though; you would think that that package should better handle DB things like this...

Yes, debugging here is awkward. I tend to put breakpoints into the framework and use the IDE to inspect values during conversion of DB objects into SQL strings. Making it compatible with Zend\Debug could possibly be a feature request for maintainers to decide. Personally, I am comfortable with breakpoints and sometimes inspecting traffic at the database server.

Thanks for the input @alextech, I am closing this issue though.
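
An added example, not part of the original thread and not zend-db project code: a TableGateway subclass that renders the debug string with the adapter's own driver-backed platform, and also logs the parameterized statement that is actually sent to the database. The class name DebugTableGateway and the error_log destination are assumptions; it expects a Select built for this gateway's table.

```php
<?php
// Added example; DebugTableGateway and the log destination are assumptions.
use Zend\Db\Sql\Select;
use Zend\Db\TableGateway\TableGateway;

class DebugTableGateway extends TableGateway
{
    public function selectWith(Select $select)
    {
        // Debug-only rendering. The adapter's platform was created around the
        // configured driver, so values are quoted by the driver itself and
        // AbstractPlatform does not raise the "without extension/driver
        // support" notice.
        $rendered = $select->getSqlString($this->adapter->getPlatform());

        // The query that really runs is a prepared statement: SQL text with
        // placeholders plus a separate parameter container. Logging both
        // shows that the quoted string above is for human eyes only.
        $statement = $this->sql->prepareStatementForSqlObject($select);
        $params = $statement->getParameterContainer()->getNamedArray();

        // Write to the error log rather than echo, so query text and bound
        // values (which may be sensitive) never reach the HTTP response.
        error_log('[sql-debug] rendered: ' . $rendered);
        error_log('[sql-debug] prepared: ' . $statement->getSql());
        error_log('[sql-debug] params:   ' . json_encode($params));

        return parent::selectWith($select);
    }
}
```

The string from getSqlString() should stay a debugging aid; executing it directly would bypass the parameter binding that selectWith() uses.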