[development] using db_insert with big ints
David Cohen
drupal at dave-cohen.com
Tue Dec 28 22:53:40 UTC 2010
In the problem Andre describes, the database schema is correct. He is
using bigint.
It's the php code that causes a problem, it casts to an (int) before
submitting to the database, because (I presume) it wants to avoid
malicious queries embedded within what should be an int. Casting to an
(int) has different effects depending on whether the hardware is 32 bit
or 64 bit, as described on
http://us3.php.net/manual/en/function.is-int.php#97006
My opinion is that instead of casting, the db code should test something
like: if (is_int($x) || ctype_digit($x)) ...
-Dave
On Tue, 28 Dec 2010 13:34 -0800, "nan wich" <nan_wich at bellsouth.net>
wrote:
> I'm surprised it worked in D6. That number is simply longer than should
> have fit
> in an 'int' field. He needs to use 'bigint.'
>
> Nancy
>
> Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L.
> King, Jr.
>
>
>
> ________________________________
>
> From: David Cohen
> Is Drupal's db layer so weak that users must change their database schema
> in
> order to use it?
>
> Is that acceptable?
>
> Sounds like a bug to me.
>
More information about the development
mailing list