Line 32 of imagefield_avatar.module quotes the db_query in single quotes, with double quotes around the query arguments.

While this is acceptable for MySQL, current PostgreSQL releases will not accept this query - queries must single quote their arguments.
(and then double quote the entire query, or escape the quotes, I suppose)

CommentFileSizeAuthor
#4 imagefield_avatar-quoting-807182-4.patch501 bytesVector-
#3 imagefield_avatar-quoting-807182-3.patch499 bytesVector-

Comments

Vector-’s picture

Vector- commented
Priority: Normal » Minor

This is a rather minor issue really... sorry, was kinda tired :p

crea’s picture

crea commented

Well, if the query fails completely, it's not a minor issue. I don't use PgSQL myself so I can't contribute to bugfixing this, but I will accept RTBC patches.

Vector-’s picture

Vector- commented
StatusFileSize
new imagefield_avatar-quoting-807182-3.patch499 bytes

I suppose that's true, though anyone trying to run things in PgSQL probably has become fairly used to stuff like this ;)

Anyhow, I think the appropriate solution is to use double quotes around the query string here?
I haven't had any problems with this patch but I admit I'm relatively new to this stuff and not quite sure on the most appropriate solution, since double quoted strings can incur a slight execution penalty?

This is the patch I'm using at the moment, and I haven't noticed any problems with double quoting the query string.

Vector-’s picture

Vector- commented
Status: Active » Needs review
StatusFileSize
new imagefield_avatar-quoting-807182-4.patch501 bytes

And the other option is escaping the quotes, if there's some particular desire for single quote string parsing there?

Also lets see if I get this patch thing right this time?

PS: I've tested a few uploads with this patch and didn't get any errors, but as noted, the first one is what I'm actively using.

crea’s picture

crea commented

Patch in #3 looks good. There's no reason to optimize quotes ;)

Vector-’s picture

Vector- commented

Also worth noting - while this is an incredibly common issue when working with PgSQL... my experience with this one in particular was just bizarre...

That is to say that while I have no problems reproducing this error now if I revert things, I and several other users were able to get functioning user pictures without the patch - a situation which I simply cannot explain, as by all rights this query should never have been capable of running, since PgSQL expects strings to be single quoted, and reserves double quotes for irregular table / column names.

I have tried to reproduce this working state however, and cannot, reverting the patch gives me the expected 'column not found' errors on every test case I can come up with.
I admissibly just haven't tried a clean install, but as noted... I really don't understand how it ever worked at all - which I suppose means there's obviously something I'm missing - but the patch does fix it.

Going deep into the best practices docs, I did finally find this though "Any string literal or %s placeholder must be enclosed by single quotes: ' . Never use double quotes."
http://drupal.org/node/2497
So this issue is definitely applicable, even if I can't explain the mysterious working state ;)

Vector-’s picture

Vector- commented
Status: Needs review » Reviewed & tested by the community

So now that I can provide a more solid reason than "this fails sometimes"...

This is a rather trivial patch?

(I hope I'm doing this correctly, if not, if you can be bothered, please let me know ;)

crea’s picture

crea commented
Status: Reviewed & tested by the community » Fixed

Thanks, committed.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.