In the function user_admin_access_add(), the variable $aid is inserted into the access table.
function user_admin_access_add($mask = NULL, $type = NULL) {
if ($edit = $_POST) {
if (!$edit['mask']) {
form_set_error('mask', t('You must enter a mask.'));
}
else {
db_query("INSERT INTO {access} (aid, mask, type, status) VALUES ('%s', '%s', '%s', %d)", $aid, $edit['mask'], $edit['type'], $edit['status']);
$aid = db_last_insert_id('access', 'aid');
drupal_set_message(t('The access rule has been added.'));
drupal_goto('admin/user/rules');
}
}
else {
$edit['mask'] = $mask;
$edit['type'] = $type;
}
return drupal_get_form('user_admin_access_add_form', $edit, t('Add rule'));
}
However, the variable $aid is only initialised after the insert to the DB - should this be before the insert?
If it should be before the insert, please find the relevant patch.
Comments
Comment #1
paddy_deburca commentedI have just checked further. As $aid is not declared, the value of ' aid' in the table is auto-incremented.
It may be better practice to not pass the undeclared value and remove ' aid' completely from the insert statement.
The attached patch ignores the one previously posted and removes ' aid' from the insert.
Comment #2
paddy_deburca commentedI am updating the title and re-assigning this to minor as there is nothing broken.
To precise, I think that the insert statement should be
rather than passing an undeclared and uninitialised variable $aid' into an auto-increment column.
Comment #3
dpearcefl commentedIs there any interest in this issue any more?
Comment #4
paddy_deburca commentedNo. No longer an issue.