[development] using db_insert with big ints
Larry Garfield
larry at garfieldtech.com
Wed Dec 29 05:24:23 UTC 2010
This entire thread belongs in an issue where it can be addressed properly.
Also to correct a statement in the original posting, db_insert() does not rely
on drupal_write_record(). drupal_write_record() is not a part of DB API; it's
a Drupal serialization function that leverages the DB API, and I am quite open
about my desire to see drupal_write_record() die a swift death in Drupal 8.
--Larry Garfield
On Tuesday, December 28, 2010 4:53:40 pm David Cohen wrote:
> In the problem Andre describes, the database schema is correct. He is
> using bigint.
>
> It's the php code that causes a problem, it casts to an (int) before
> submitting to the database, because (I presume) it wants to avoid
> malicious queries embedded within what should be an int. Casting to an
> (int) has different effects depending on whether the hardware is 32 bit
> or 64 bit, as described on
> http://us3.php.net/manual/en/function.is-int.php#97006
>
> My opinion is that instead of casting, the db code should test something
> like: if (is_int($x) || ctype_digit($x)) ...
>
>
> -Dave
>
>
> On Tue, 28 Dec 2010 13:34 -0800, "nan wich" <nan_wich at bellsouth.net>
>
> wrote:
> > I'm surprised it worked in D6. That number is simply longer than should
> > have fit
> > in an 'int' field. He needs to use 'bigint.'
> >
> > Nancy
> >
> > Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L.
> > King, Jr.
> >
> >
> >
> > ________________________________
> >
> > From: David Cohen
> > Is Drupal's db layer so weak that users must change their database schema
> > in
> > order to use it?
> >
> > Is that acceptable?
> >
> > Sounds like a bug to me.
More information about the development
mailing list