Anemometer icon indicating copy to clipboard operation
Anemometer copied to clipboard
verified publisher icon box

MySQL checksum field not properly escaped

Open AndreasSchaek opened this issue 10 years ago • 1 comments

On the table search main page I click on the checksum of a query to view its details. Some of the queries can't be found and I get an error: 'Unknown checksum' When I dig into the queries that are executed I find the following:

SELECT `checksum` FROM `global_query_review` WHERE `checksum`='11572617643159325603'

This query will return an empty resultset, altough there is a fitting row. When I remove the apostrophe it works:

SELECT `checksum` FROM `global_query_review` WHERE `checksum`=11572617643159325603

The checksum column is a bigint and the apostrophe is not needed AFAIK. In my local installation I adjusted all occurences of a WHERE with $checksum_field_name and it works great, using MySQL 5.5.30.

AndreasSchaek avatar Jan 15 '16 10:01 AndreasSchaek

Does this cause translate_checksum function?

https://github.com/box/Anemometer/blob/1a4cca940046a465065e7388d4789cfc0d424485/lib/Anemometer.php#L365-L368

When hexed-checksum was constructed only numeric characters, translate_checksum regards it as already translated to bigint.

yoku0825 avatar Jan 23 '18 07:01 yoku0825