[wp-trac] [WordPress Trac] #32315: $wpdb->insert fails without error msg
WordPress Trac
noreply at wordpress.org
Tue Nov 1 00:44:04 UTC 2016
#32315: $wpdb->insert fails without error msg
------------------------------------------+------------------------------
 Reporter:  dlt101                        |       Owner:
     Type:  defect (bug)                  |      Status:  reopened
 Priority:  normal                        |   Milestone:  Awaiting Review
Component:  Database                      |     Version:
 Severity:  normal                        |  Resolution:
 Keywords:  needs-patch needs-unit-tests  |     Focuses:
------------------------------------------+------------------------------
Comment (by dd32):
Replying to [comment:14 mnelson4]:
> So if an insert fails because a value is too long for its column, where
> should the error message go?
> `$wpdb->last_error` just contains MySQL errors, but this error would be
> generated by WordPress itself and so no MySQL query is actually run (or
> generated, in fact).

I would just re-use it myself. An error coming from MySQL or from
WordPress should be handled the same; if `print_error()` is called with a
MySQL error, this should also hit it. At the end of the day, simplicity
above all: plugins and code should just be able to check the property for
"did an error occur?" regardless of what triggered it.

Replying to [comment:15 datainterlock]:
> PHP MySQLi truncates and inserts. That's how WP should work. Most plugin
> devs will assume this and not even perform an error check. I did and I'm
> betting a lot of current plugins still do. My advice, find another way to
> fix the security hole instead of changing PHP conventional methods.

The alternative to what we currently do is to put MySQL into strict mode,
which would cause the queries to fail. Unfortunately during investigation
we realised this wasn't a viable solution and had to handle it ourselves.
Simply truncating data isn't an option, and any application which relies
upon that behaviour and inserts user-provided data into a table is
potentially vulnerable to a range of issues (feel free to ping me directly
on Slack: @dd32 if you want to discuss what those are).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/32315#comment:18>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
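
One way a plugin can apply the "did an error occur?" check discussed in this comment, as an added example that is not WordPress core code or code from the ticket: it rejects over-long strings up front with `$wpdb->get_col_length()` and treats a `false` return from `$wpdb->insert()` as an error even when `$wpdb->last_error` is empty. It assumes it runs inside WordPress with UTF-8 text; `example_checked_insert()`, the `example_notes` table, its `title` column and the `example_*` error codes are hypothetical.

```php
<?php
// Added example, not WordPress core code. Assumes WordPress is loaded
// (global $wpdb, WP_Error) and that text is UTF-8. Names are hypothetical.
function example_checked_insert( $table, array $data ) {
	global $wpdb;

	foreach ( $data as $column => $value ) {
		if ( ! is_string( $value ) ) {
			continue; // Only string values are checked against a length limit here.
		}
		// array( 'type' => 'char'|'byte', 'length' => int ), false when the
		// column has no length limit, or WP_Error when the lookup fails.
		$limit = $wpdb->get_col_length( $table, $column );
		if ( is_wp_error( $limit ) ) {
			return $limit;
		}
		if ( false === $limit ) {
			continue;
		}
		$size = ( 'byte' === $limit['type'] ) ? strlen( $value ) : mb_strlen( $value, 'UTF-8' );
		if ( $size > $limit['length'] ) {
			// Reject instead of truncating, and name the column for the caller.
			return new WP_Error(
				'example_value_too_long',
				sprintf( 'Value for column "%s" is %d %ss long; limit is %d.', $column, $size, $limit['type'], $limit['length'] )
			);
		}
	}

	// insert() returns the number of rows inserted, or false on failure.
	if ( false === $wpdb->insert( $table, $data ) ) {
		// Per this ticket, last_error can be empty when WordPress itself
		// refused the data and never sent a query to MySQL.
		$reason = ( '' !== $wpdb->last_error ) ? $wpdb->last_error : 'insert rejected before a query was sent';
		return new WP_Error( 'example_insert_failed', $reason );
	}

	return $wpdb->insert_id;
}

// Usage with a hypothetical table and column; the 300-character value is constructed.
$table  = $GLOBALS['wpdb']->prefix . 'example_notes';
$result = example_checked_insert( $table, array( 'title' => str_repeat( 'a', 300 ) ) );
if ( is_wp_error( $result ) ) {
	error_log( 'Insert refused: ' . $result->get_error_message() );
}
```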