#011412: AuthenticationDatabaseTieIn can trigger PDO General Error 2014 with MySQL

Description:

When using the AithenticationDatabaseTieIn, the database_filter.php can generate the following error against a MySQL DB:

PDOException: SQLSTATE[HY000]: General error: 2014 Cannot execute queries while other unbuffered queries are active. Consider using PDOStatement::fetchAll(). Alternatively, if your code is only ever going to run against mysql, you may enable query buffering by setting the PDO::MYSQL_ATTR_USE_BUFFERED_QUERY attribute. in /var/www/juniper/htdocs/ezc/Database/src/sqlabstraction/query.php on line 354

The issue stems from the ezcAuthenticationDatabaseFilter->run() method. It first runs a query to determine if the username exists, and then runs a second query to see if the password is correct.

The problem code is this section: 


[...]
        $rows = $query->prepare();
        $rows->execute();
        $count = (int)$rows->fetchColumn( 0 );
        if ( $count === 0 )
        {
            return self::STATUS_USERNAME_INCORRECT;
        }

        // see if username has the specified password
        $query = new ezcQuerySelect( $db->instance );
        $e = $query->expr;
        $query->select( 'COUNT( ' . $db->instance->quoteIdentifier( $db->fields[0] ) . '  )' )
              ->from( $db->instance->quoteIdentifier( $db->table ) )
              ->where( $e->lAnd(
                  $e->eq( $db->instance->quoteIdentifier( $db->fields[0] ), $query->bindValue( $credentials->id ) ),
                  $e->eq( $db->instance->quoteIdentifier( $db->fields[1] ), $query->bindValue( $credentials->password ) )
                     ) );
        $rows = $query->prepare();
[...]

The $rows still has a buffered resultset of usernames, then a query is prepared to query the password.

Adding a PDO closeCursor commadn corrects the issue:


[...]
        $rows->execute();
        $count = (int)$rows->fetchColumn( 0 );
        if ( $count === 0 )
        {
            return self::STATUS_USERNAME_INCORRECT;
        }
        $rows->closeCursor();

        // see if username has the specified password
        $query = new ezcQuerySelect( $db->instance );
[...]


Environment:

Operating System: Ubuntu Edgy Eft Server
PHP Version: 5.1.6
Database and version: MySQL 5.0.24
Browser (and version): Firefox 2.0.0.6


- Attachments
authentication_database_filter_close_query.patch (412 b)
[Download] [Permanent Link]
Patch to add cursor close to database_filter.php

- Comments

Fixed in rev. 6186. It will be available in AuthenticationDatabaseTiein 1.1alpha1.

#253707 by Alexandru Stanoi on September 18th, 2007 [Permanent Link]

- History
Load History
Properties
Type Bug
Priority Medium
Component Components » AuthenticationDatabaseTiein
Affects 1.0 - AuthenticationDatabaseTiein 1.0
Fix Versions 1.1alpha1 - AuthenticationDatabaseTiein 1.1alpha1
2007.2alpha1 - eZ components 2007.2alpha1
Reporter Joe Kepley
Responsible Alexandru Stanoi
Status 0 Closed
Resolution Fixed
Created September 7th, 2007
Updated September 18th, 2007
Resolved September 18th, 2007
 
Navigation [Permanent Link]
Previous Issue
Back to Issues List
Next Issue: #015537
  Graph shows to small and truncated rotated axis labels