[#6552] DB Error: syntax error when searching with no criteria
Summary DB Error: syntax error when searching with no criteria
Queue Hermes
Type Bug
State Resolved
Priority 1. Low
Owners jan@horde.org
Requester php@ideacode.com
Created 2008-03-31 (4483 days ago)
Due
Updated 2009-10-02 (3933 days ago)
Assigned
Resolved 2008-04-04 (4479 days ago)
Milestone
Patch No

Comments
php@ideacode.com 2008-03-31 23:13:33
As a user with hermes:review permission, click Search in the top menu 
bar, then -- without selecting any criteria -- click Search 
immediately.  A "DB Error: syntax error" is returned, when I expect to 
see all entered hours.



In non-reviewer cases, the "employee" criterion is always passed 
implicitly, as that's the filter used to limit that person's search.   
Thus inspecting $sql at hermes/lib/Driver/sql.php:280 shows $filters as:

array(2) {

   ["employee"]=>

   string(21) "pmvaleri@ideacode.com"

   ["link_page"]=>

   string(10) "search.php"

}



When doing that same query as a reviewer, however, $filters is:

array(1) {

   ["link_page"]=>

   string(10) "search.php"

}



The problem is that $filters contains one entry, which causes the 
WHERE clause keyword to be inserted into the SQL statement, but then 
no actual criteria are added after the WHERE clause, since link_page 
is not a criterion but an option being passed in for the function to 
use otherwise.



The best fix is to insert the WHERE keyword only when certain there's 
actually a where clause.  Unified diff attached.

php@ideacode.com 2008-03-31 23:14:55
Ugh. Can someone edit comment #1 and remove that email address I 
included? I don't want a spam bot getting it.  Thanks.

Jan Schneider <jan@horde.org> 2008-04-04 11:45:52
Committed, thanks. I also fixed the link_page parameter being passed 
in as a criteria.

HJTR@hotmail.com 2009-10-02 03:20:22
How do I remove my email Address? Apparently It is controlled (in my 
name) by a woman who I no longer have dealings with.