Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: use named parameters #54172

Closed
wants to merge 1 commit into from
Closed

fix: use named parameters #54172

wants to merge 1 commit into from
+28 −28

Conversation

drupol
Copy link
Contributor

@drupol drupol commented Mar 6, 2024
edited

Q A
Branch? 5.4
Bug fix? yes
New feature? no
Deprecations? no
License MIT

Hello!

Today, my colleague @samsonradu and I noticed an issue while using Oracle database and regarding the DoctrineDbalAdapter, potentially introduced by PR #50507.

Basically, by making positional parameters lazily injected, the order of those parameters are no more preserved, and we end up with totally broken SQL queries. Here are more details:

Failed to save key "ulm_ac_rbac_action_roles" of type array: 

An exception occurred while executing

MERGE INTO cache_items 
USING DUAL ON (item_id = ?) 
WHEN NOT MATCHED THEN INSERT (item_id, item_data, item_lifetime, item_time) 
VALUES (?, ?, ?, ?) 
WHEN MATCHED THEN UPDATE SET item_data = ?, item_lifetime = ?, item_time = ? 

with params [
  3600, 
  1709126855, 
  3600, 
  1709126855, 
  "EeA4QGjhnZ:ulm_ac_rbac_action_roles", 
  "EeA4QGjhnZ:ulm_ac_rbac_action_roles", 
  "\x00...\x69..."
]

The introduction of a lazy loading mechanism in this PR has led to issues with the ordering of bound values in SQL statements. New keys added by the lazy loading process are appended at the end of the parameters array, disrupting the intended logical order. See it here:

/app/vendor/symfony/cache/Adapter/DoctrineDbalAdapter.php:354:
object(Doctrine\DBAL\Statement)[1878]
  protected 'sql' => string 'MERGE INTO cache_items USING DUAL ON (item_id = ?) WHEN NOT MATCHED THEN INSERT (item_id, item_data, item_lifetime, item_time) VALUES (?, ?, ?, ?) WHEN MATCHED THEN UPDATE SET item_data = ?, item_lifetime = ?, item_time = ?' (length=223)
  protected 'params' => 
    array (size=8)
      4 => int 3600
      5 => int 1709713419
      7 => int 3600
      8 => int 1709713419
      1 => string 'q55PWWD1R0:ulm_ac_rbac_action_roles' (length=35)
      2 => string 'q55PWWD1R0:ulm_ac_rbac_action_roles' (length=35)
      3 => string 'value1'
      6 => string 'value1'

In here, you can see that the params are not correctly ordered and this is breaking the SQL query.

IMHO, I think this issue should be fixed in doctrine/dbal with a simple ksort on params, but I'm not sure, that's the reason why I comment in here.
Alternatively, we could implement explicit parameter mapping instead of positional indexes to ensure each bound value maintains its correct order, regardless of when it's added.

From the doctrine/dbal doc, I see:

Support for positional and named prepared statements varies between the different database extensions. PDO implements its own client side parser so that both approaches are feasible for all PDO drivers. OCI8/Oracle only supports named parameters, but Doctrine implements a client side parser to allow positional parameters also.

Maybe this is something to fix somewhere else?

@carsonbot
Copy link

Hey!

To help keep things organized, we don't allow "Draft" pull requests. Could you please click the "ready for review" button or close this PR and open a new one when you are done?

Note that a pull request does not have to be "perfect" or "ready for merge" when you first open it. We just want it to be ready for a first review.

Cheers!

Carsonbot

@drupol drupol mentioned this pull request Mar 6, 2024
Merged
@drupol drupol changed the base branch from 7.1 to 5.4 March 6, 2024 09:05
@nicolas-grekas nicolas-grekas changed the base branch from 5.4 to 7.1 March 6, 2024 09:08
@drupol drupol force-pushed the cache/doctrinedbaladapter/use-named-parameters branch from 6da1930 to f0fd93d Compare March 6, 2024 09:13
@drupol drupol changed the base branch from 7.1 to 5.4 March 6, 2024 09:13
@drupol drupol marked this pull request as ready for review March 6, 2024 09:20
@carsonbot carsonbot added this to the 5.4 milestone Mar 6, 2024
derrabus
derrabus approved these changes Mar 6, 2024
View reviewed changes
Copy link
Member

@derrabus derrabus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm fine with the change, but can you please also submit a bug report for DBAL?

@drupol
Copy link
Contributor Author

drupol commented Mar 6, 2024

Sure! Will submit a PR there too.

@drupol drupol mentioned this pull request Mar 6, 2024
Closed
@nicolas-grekas
Copy link
Member

Closing per #50507 (comment) since it ain't broken. Thanks for the heads up.

@drupol drupol deleted the cache/doctrinedbaladapter/use-named-parameters branch March 7, 2024 14:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@derrabus derrabus derrabus approved these changes

Assignees
No one assigned
Labels
Bug Status: Reviewed
Projects
None yet
Milestone
5.4
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@drupol @carsonbot @nicolas-grekas @derrabus