[Dbix-class] Observation when providing an arrayref to update

Jochen Luig jochen.luig at skytel.de
Fri Apr 3 08:26:26 BST 2009


Hi,

yesterday I stumbled upon an interesting phenomenon when debugging an
app. 
If you provide an array ref to the update method of a row object like
so:

$row->update({ some_column => [ "foo bar", "baz" ] });

the first array element seems to be provided to the resulting UPDATE
statement without the quotes, leading to a syntax error in the SQL syntax
in the above example. (I'm aware that 0.8012 is the current version of
DBIx::Class, but I didn't find anything in the changelogs that seemed to
address this issue.)

Please have a look at this minimal example:

(DBIx::Class version 0.8010)
Create statements for sqlite3:

CREATE TABLE foo (id integer primary key autoincrement, text text);
CREATE TABLE bar (id integer primary key autoincrement, text text);

Code:

#!/usr/bin/perl

use strict;
use warnings;

package My::Schema::Foo;
use base qw/DBIx::Class/;

__PACKAGE__->load_components( qw/Core/ );
__PACKAGE__->table('foo');
__PACKAGE__->add_columns( qw/id text/ );
__PACKAGE__->set_primary_key('id');
1;

package My::Schema;
use base qw/DBIx::Class::Schema/;

__PACKAGE__->load_classes('Foo');
1;

my $schema = My::Schema->connect('dbi:SQLite:dabble.db');

my $row = $schema->resultset('Foo')->create({text => 'foo'});

my $new = [ '\'baz\' WHERE id = 8; delete * from bar; -- ' ];

$row->update({ text => $new });

Output with DBIC_TRACE=1 :

$ perl dbic_dabble.pl 
INSERT INTO foo (text) VALUES (?): 'foo'
UPDATE foo SET text = 'baz' WHERE id = 8; drop table bar; --  WHERE ( id
= ? ): 'NULL', '28'

I didn't get the drop table statement executed, but by omitting the
WHERE clause in the above code I updated the column in question for the
whole table.
I don't think this is desired behaviour.

Any thoughts on this?

Jochen
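
An added example, not part of the original post and not DBIx::Class code: one way for an application to guard against the behaviour reported above is to refuse any reference value before the data reaches update. The helper name scalar_columns_only, the column allowlist and the sample inputs are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not a DBIx::Class API): return only column => value
# pairs that are plain scalars, and die on anything else. The post shows an
# array ref value ending up in the SQL text instead of in a bind parameter,
# so data from outside the application must never carry a reference.
sub scalar_columns_only {
    my ($data, @allowed) = @_;
    die "update data must be a hash ref\n" unless ref($data) eq 'HASH';
    my %allowed = map { $_ => 1 } @allowed;
    my %clean;
    for my $col (sort keys %$data) {
        die "unexpected column '$col'\n" unless $allowed{$col};
        my $val = $data->{$col};
        if (my $type = ref $val) {
            # Also rejects blessed objects; allow specific classes
            # explicitly if the application needs them.
            die "column '$col': $type reference rejected\n";
        }
        $clean{$col} = $val;    # undef (NULL) and plain strings pass through
    }
    return \%clean;
}

# Constructed sample inputs, shaped like decoded request parameters.
my @samples = (
    { text => 'foo bar' },               # plain scalar: accepted
    { text => [ 'foo bar', 'baz' ] },    # array ref as in the post: rejected
    { text => \'text' },                 # scalar ref: rejected
    { text => 'x', id => 8 },            # column not on the allowlist: rejected
);

for my $input (@samples) {
    my $clean = eval { scalar_columns_only($input, 'text') };
    if ($clean) {
        print "ok:       text = '$clean->{text}'\n";
        # $row->update($clean);   # a plain scalar is sent as a bind value
    }
    else {
        print "rejected: $@";
    }
}
```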



