Hi all,

With this mail I want to ask for your attention to an issue in Zend_Db_Statement (ZF-5063 [1]). The function _stripQuoted is used with parameter substitution in statements. The current implementation relies on a regular expression that is not optimal, to say the least. People building their own queries might run into problems when their query becomes large. In this case, the preg library will segfault and kill the Apache worker. I've submitted a patch to reduce the chance of segfaulting by reducing the number of items put on the stack. This issue has been duplicated twice already, probably because this is neither a ZF nor a PHP issue, but a libpreg issue.

When I ran into the problem, I also noticed that the _stripQuoted function is not complete and even broken. Databases that support multiple quoting styles will fail to properly strip all instances. I've created an issue for this (ZF-7911 [2]), together with a patch.

My problem is that I can't provide unit tests to prove my patches work and that I don't know all the specifics of every DBMS. I'd love to see someone spend some time on this issue, either by creating test cases or providing feedback.

Thanks!

Vincent de Lau
[email protected]

[1] http://framework.zend.com/issues/browse/ZF-5063 (Segmentaion fault on preg_replace in Zend_Db_Statement)
[2] http://framework.zend.com/issues/browse/ZF-7911 (Zend_Db_Statement::_stripQuoted seems not to be complete)
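The two problems raised in the message above (regex stack exhaustion on large queries, and quoting styles that are not stripped) can both be avoided by scanning the statement in a single loop instead of using a regular expression. The following is an added example, not Zend Framework code and not the patch attached to either issue; the function name `strip_quoted_linear`, its parameters and their defaults are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not Zend_Db_Statement::_stripQuoted.
// Assumption: the caller passes the quote characters its DBMS accepts and
// states whether a backslash escapes the next byte inside quoted text.
function strip_quoted_linear(string $sql, array $quoteChars = ["'", '"', '`'], bool $backslashEscapes = true): string
{
    $out = '';
    $len = strlen($sql);
    $i = 0;
    while ($i < $len) {
        $ch = $sql[$i];
        if (!in_array($ch, $quoteChars, true)) {
            $out .= $ch;               // outside quoted text: keep the byte
            $i++;
            continue;
        }
        $i++;                          // step past the opening quote
        while ($i < $len) {
            if ($backslashEscapes && $sql[$i] === '\\') {
                $i += 2;               // backslash plus the byte it escapes
            } elseif ($sql[$i] === $ch) {
                if ($i + 1 < $len && $sql[$i + 1] === $ch) {
                    $i += 2;           // doubled quote ('' or "") is a literal quote
                } else {
                    $i++;              // closing quote ends the quoted text
                    break;
                }
            } else {
                $i++;                  // ordinary byte inside quoted text
            }
        }
        // An unterminated quote consumes the rest of the input and ends the loop.
    }
    return $out;
}

// Constructed sample: three quoting styles, with placeholder-like text inside
// the quoted parts and real placeholders outside them.
$sql = "SELECT `a?`, \"b:x\" FROM t WHERE c = 'it''s ?' AND d = ? AND e = :name";
echo strip_quoted_linear($sql), "\n";

// Constructed large input: 1.5 MB of escaped quotes inside one literal.
// The loop keeps no per-character state beyond $i, so input size does not
// translate into stack depth.
$big = "SELECT * FROM t WHERE x IN ('" . str_repeat("a\\'", 500000) . "') AND y = ?";
echo strip_quoted_linear($big), "\n";
```

Only the placeholders outside quoted text survive in the output, which is what parameter substitution needs to count; a real adapter would pass the quote characters and escape rule that match its DBMS.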
