| Subject | Re: [IBO] IBO bug: parameters ouside where clause produce |
|---|---|
| Author | rogervellacott |
| Post date | 2003-07-18T10:30:13Z |
This issue can be very dangerous. With Firebird's default
installation setup, in which OldParameterOrder = 0, an insert query
of the type
INSERT INTO TABLE_A
(F1,F2,F3...)
SELECT :Param1,F2,F3,... FROM TABLE_B
WHERE TABLE_B.F4 = :Param2
will reverse the values of the parameters and run without error. A
user could run for a long time without knowing that there is anything
wrong. It will either not insert anything, or if Param1 happens to
exist in TABLE_B.F4 it will insert values from completely the wrong
record!!
So I until this is fully resolved, we are running a test on a dummy
table every time a user logs in. We insert a record using a query
similar to the above (selecting from RDB$DATABASE to ensure only a
single insert), and we then test to see that the results are correct.
If not, the user is told to fix the firebird.conf file.
I would suggest anyone using FB1.5 for real should do likewise.
installation setup, in which OldParameterOrder = 0, an insert query
of the type
INSERT INTO TABLE_A
(F1,F2,F3...)
SELECT :Param1,F2,F3,... FROM TABLE_B
WHERE TABLE_B.F4 = :Param2
will reverse the values of the parameters and run without error. A
user could run for a long time without knowing that there is anything
wrong. It will either not insert anything, or if Param1 happens to
exist in TABLE_B.F4 it will insert values from completely the wrong
record!!
So I until this is fully resolved, we are running a test on a dummy
table every time a user logs in. We insert a record using a query
similar to the above (selecting from RDB$DATABASE to ensure only a
single insert), and we then test to see that the results are correct.
If not, the user is told to fix the firebird.conf file.
I would suggest anyone using FB1.5 for real should do likewise.