6.0.0-git
2019-04-23

[#6552] DB Error: syntax error when searching with no criteria
Summary DB Error: syntax error when searching with no criteria
Queue Hermes
Type Bug
State Resolved
Priority 1. Low
Owners jan (at) horde (dot) org
Requester php (at) ideacode (dot) com
Created 2008-03-31 (4040 days ago)
Due
Updated 2009-10-02 (3490 days ago)
Assigned
Resolved 2008-04-04 (4036 days ago)
Milestone
Patch No

History
2009-10-02 03:20:22 HJTR (at) hotmail (dot) com Comment #4 Reply to this comment
How do I remove my email Address? Apparently It is controlled (in my 
name) by a woman who I no longer have dealings with.
2008-04-04 11:45:52 Jan Schneider Comment #3
Assigned to Jan Schneider
State ⇒ Resolved
Reply to this comment
Committed, thanks. I also fixed the link_page parameter being passed 
in as a criteria.
2008-03-31 23:14:55 php (at) ideacode (dot) com Comment #2 Reply to this comment
Ugh. Can someone edit comment #1 and remove that email address I 
included? I don't want a spam bot getting it.  Thanks.
2008-03-31 23:13:33 php (at) ideacode (dot) com Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 1. Low
Summary ⇒ DB Error: syntax error when searching with no criteria
Queue ⇒ Hermes
Milestone ⇒
Patch ⇒ No
New Attachment: issue.diff Download
Reply to this comment
As a user with hermes:review permission, click Search in the top menu 
bar, then -- without selecting any criteria -- click Search 
immediately.  A "DB Error: syntax error" is returned, when I expect to 
see all entered hours.



In non-reviewer cases, the "employee" criterion is always passed 
implicitly, as that's the filter used to limit that person's search.   
Thus inspecting $sql at hermes/lib/Driver/sql.php:280 shows $filters as:

array(2) {

   ["employee"]=>

   string(21) "pmvaleri@ideacode.com"

   ["link_page"]=>

   string(10) "search.php"

}



When doing that same query as a reviewer, however, $filters is:

array(1) {

   ["link_page"]=>

   string(10) "search.php"

}



The problem is that $filters contains one entry, which causes the 
WHERE clause keyword to be inserted into the SQL statement, but then 
no actual criteria are added after the WHERE clause, since link_page 
is not a criterion but an option being passed in for the function to 
use otherwise.



The best fix is to insert the WHERE keyword only when certain there's 
actually a where clause.  Unified diff attached.

Saved Queries