[wp-trac] [WordPress Trac] #32315: $wpdb->insert fails without error msg
WordPress Trac
noreply at wordpress.org
Mon Nov 7 05:04:17 UTC 2016
#32315: $wpdb->insert fails without error msg
------------------------------------------+------------------------------
Reporter: dlt101 | Owner:
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: Database | Version:
Severity: normal | Resolution:
Keywords: needs-patch needs-unit-tests | Focuses:
------------------------------------------+------------------------------
Comment (by datainterlock):
Replying to [comment:23 pento]:
> Replying to [comment:22 datainterlock]:
> > If you're dead set on making this error, tell me. What's the purpose
> > of having insert and update when wp-query WILL truncate and insert?
>
> `::query()` is generally used for more complex queries that don't fit
> into the CRUD model. It has a valid purpose, but it's not necessary for
> basic INSERT and UPDATE queries.
>
> > Why would I even waste my time coding a wp-insert when a wp-query
> > wouldn't fail with the same exact query? In order to keep wp-insert from
> > erroring, the vars will have to be checked for size prior to inserting. A
> > huge waste and will still get truncated by the dev anyway. I say again, it
> > should truncate and insert or update. That's how PHP works.
>
> You're welcome to do whatever you like on your own site, but I'd
> strongly recommend against it.
>
> As has been mentioned several times on this ticket, allowing the
> database to truncate the string will almost certainly introduce
> significant security issues, as any data sanitisation you've run prior to
> insert (for example, using KSES to remove invalid HTML), will no longer be
> valid.

Ok, then what's the solution then when the data you're inserting is of
unknown length yet you don't want to make every field a blob? So far, I've
been criticized and accused of crying in this thread when I'm trying to
point out that in the REAL WORLD of data, you don't always have the luxury
of knowing the exact length of what you're trying to insert and giving the
end user truncated data is more valuable than no data at all.

You have my opinion. I'm done here.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/32315#comment:24>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
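
The point debated above (database truncation happening after sanitisation) shown as an added example; it is not part of the ticket thread and is not WordPress code. The sanitizer is a simple stand-in for KSES, and the helper names, the 20-character column limit and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not WordPress code. Helper names and the 20-character
// column limit are assumptions. Requires the mbstring extension.
const COLUMN_MAX = 20; // assumed VARCHAR(20) column

// Stand-in sanitizer (not KSES): escape everything, then restore only
// complete <b>...</b> pairs, so its output is always balanced.
function sanitize_markup(string $input): string {
    $escaped = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
    return preg_replace('#&lt;b&gt;(.*?)&lt;/b&gt;#s', '<b>$1</b>', $escaped) ?? $escaped;
}

// What a silently truncating column does to an over-length value.
function db_truncate(string $value, int $max = COLUMN_MAX): string {
    return mb_substr($value, 0, $max, 'UTF-8');
}

// True when no tag is cut off and every <b> has a matching </b>.
function is_well_formed(string $html): bool {
    $rest = preg_replace('#</?b>#', '', $html) ?? $html;
    return strpos($rest, '<') === false
        && substr_count($html, '<b>') === substr_count($html, '</b>');
}

// Option 1: refuse over-length values with an explicit error message.
function check_length(string $clean, int $max = COLUMN_MAX): ?string {
    return mb_strlen($clean, 'UTF-8') <= $max ? null : "value exceeds $max characters";
}

// Option 2: shorten the raw input until the sanitized result fits, so the
// stored value is exactly what the sanitizer produced.
function fit_then_sanitize(string $raw, int $max = COLUMN_MAX): string {
    for ($n = min($max, mb_strlen($raw, 'UTF-8')); $n > 0; $n--) {
        $clean = sanitize_markup(mb_substr($raw, 0, $n, 'UTF-8'));
        if (mb_strlen($clean, 'UTF-8') <= $max) {
            return $clean;
        }
    }
    return '';
}

$raw   = '<b>important notice</b> and more text'; // constructed sample input
$clean = sanitize_markup($raw);

var_dump(is_well_formed($clean));              // sanitizer output at full length
var_dump(is_well_formed(db_truncate($clean))); // same value after silent truncation
var_dump(check_length($clean));                // option 1: explicit error
$fitted = fit_then_sanitize($raw);
var_dump($fitted, is_well_formed($fitted));    // option 2: truncate first, then sanitize
```

Because escaping can lengthen a string, option 2 re-checks the length after sanitising rather than assuming a pre-truncated input will fit.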