[Catalyst] PostgreSQL quoting issues

Ash Berlin ash_cpan at firemirror.com
Wed Jan 16 15:38:21 GMT 2008


On Jan 16, 2008, at 3:15 PM, Marius Kjeldahl wrote:

> Joshua D. Drake wrote:
>>> Does anybody have an idea how I can persuade Postgres into  
>>> accepting this as just a simple string and that Postgres shouldn't  
>>> try to interpret anything in it?
>> Yeah, quote the string. You can't submit an unquoted string to  
>> PostgreSQL.
>
> As my original post demonstrated, that was not the issue at all. But  
> I found the reason for the bug. It seems IF in the following  
> expression:
>
>    my $rsts = $c->model ('MintAppDB::TransSum')->find ({
>                      category => $c->req->param ('category'),
>                      sentto => $c->req->param ('sentto'),
>                      iso => $c->req->param ('iso')
>                    });
>
> if category and iso pointed to undefined values, the bug I struggled  
> with was triggered. Making sure that they were defined took care of  
> the problem. I guess the sql generating stuff didn't like being fed  
> undefined values.
>
> Thanks anyway,
>
> Marius K.
>

Right, two things here.

1) If someone requests ?iso=foo&iso=bar&iso=bar

This is the same as if you wrote

iso => 'foo', bar => 'bar'

Instead you want iso => $c->req->params->{iso}.

2) Those don't look like you are passing a primary or unique key to  
find.  Find is designed for finding a single row. You want

   $c->model ('MintAppDB::TransSum')->search({})->first

as you are relying on undocumented behaviour of find which might go  
away in some future release of DBIx::Class (if it does it will  
generate a warning for a while before it goes away.)

Ash
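
The list-context behaviour discussed in this thread, as an added example that is not part of the original messages: `make_param` is a hypothetical stand-in for the request's `param()` (assumed to return every value in list context and an empty list for an absent parameter), and the sample requests are constructed. It goes beyond the repeated-parameter case to show a missing parameter shifting the keys as well.

```perl
use strict;
use warnings;
use Data::Dumper;

# Hypothetical stand-in for a request object's param() (not Catalyst code):
# all values in list context, an empty list when the parameter is absent.
sub make_param {
    my (%query) = @_;
    return sub {
        my ($name) = @_;
        my @values = @{ $query{$name} || [] };
        return wantarray ? @values : $values[0];
    };
}

# Pattern from the thread: param() is called in list context inside the hash
# constructor, so the number of values decides which keys the hash ends up with.
sub unsafe_cond {
    my ($param) = @_;
    return { category => $param->('category'),
             sentto   => $param->('sentto'),
             iso      => $param->('iso') };
}

# Hardened form: force scalar context so each key gets exactly one value, and
# refuse missing values instead of passing undef on to the query builder.
sub safe_cond {
    my ($param) = @_;
    my %cond;
    for my $name (qw(category sentto iso)) {
        my $value = scalar $param->($name);
        die "missing parameter: $name\n" unless defined $value;
        $cond{$name} = $value;
    }
    return \%cond;
}

$Data::Dumper::Sortkeys = 1;
# Constructed sample requests (not taken from the thread).
my @samples = (
    [ 'repeated iso'             => { category => ['x'], sentto => ['y'], iso => [qw(foo bar bar)] } ],
    [ 'category and iso missing' => { sentto => ['y'] } ],
);
for my $sample (@samples) {
    my ($label, $query) = @$sample;
    my $param = make_param(%$query);
    my $safe  = eval { safe_cond($param) } || "rejected: $@";
    print "$label\n", Dumper(unsafe_cond($param), $safe);
}
```

With Catalyst's parameters hash, a repeated parameter arrives as an array reference, so the same one-value check applies there.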


