[Catalyst] PostgreSQL quoting issues
Ash Berlin
ash_cpan at firemirror.com
Wed Jan 16 15:38:21 GMT 2008
On Jan 16, 2008, at 3:15 PM, Marius Kjeldahl wrote:
> Joshua D. Drake wrote:
>>> Does anybody have an idea how I can pursuade Postgres into
>>> accepting this as just a simple string and that Postgres shouldn't
>>> try to interpret anything in it?
>> Yeah, quote the string. You can't submit an unquoted string to
>> PostgreSQL.
>
> As my original post demonstrated, that was not the issue at all. But
> I found the reason for the bug. It seems IF in the following
> expression:
>
> my $rsts = $c->model ('MintAppDB::TransSum')->find ({
> category => $c->req->param ('category'),
> sentto => $c->req->param ('sentto'),
> iso => $c->req->param ('iso')
> });
>
> if category and iso pointed to undefined values, the bug I struggled
> with was triggered. Making sure that they were defined took care of
> the problem. I guess the sql generating stuff didn't like being fed
> undefined values.
>
> Thanks anyway,
>
> Marius K.
>
Right two things here.
1) If someone requests ?iso=foo&iso=bar&iso=bar
This is the same as if you wrote
iso => 'foo', bar => 'bar'
instead you want iso => $c->req->prams->{iso}.
2) Those don't look like you are passing a primary or uniq key to
find. Find is designed for finding a single row. You want
$c->model ('MintAppDB::TransSum')->search({})->first
as you are relying on undocumented behaviour of find which might go
away in some future release of DBIx::Class (if it does it will
generate a warning for a while before it goes away.)
Ash
More information about the Catalyst
mailing list