Fatal error with MySQL 8 due to double quotes ("") #2799
Description
- I've read the Troubleshooting First Steps
- This request isn't a duplicate of an existing issue, opened or closed
- I've read the docs and followed them (if applicable)
- This is not a personal support request that should be posted on the YOURLS Discourse community
Describe the bug
When using MySQL 8 (MySQL 5.x is unaffected) YOURLS encounters a fatal error when running a YOURLS search in the admin.
The error is:
[07-Dec-2020 15:59:29 UTC] PHP Fatal error: Uncaught PDOException: SQLSTATE[42S22]: Column not found: 1054 Unknown column '' in 'where clause' in /includes/vendor/aura/sql/src/ExtendedPdo.php:752
Stack trace:
#0 /includes/vendor/aura/sql/src/ExtendedPdo.php(752): PDOStatement->execute()
#1 /includes/vendor/aura/sql/src/ExtendedPdo.php(485): Aura\Sql\ExtendedPdo->perform('SELECT COUNT(ke...', Array)
#2 /includes/functions.php(691): Aura\Sql\ExtendedPdo->fetchObject('SELECT COUNT(ke...', Array)
#3 /admin/index.php(153): yourls_get_db_stats(Array)
#4 {main}
thrown in /includes/vendor/aura/sql/src/ExtendedPdo.php on line 752
To Reproduce
- Install on MySQL 8
- Search Yourls using 'search for' term in admin search function, no other parameters.
Expected behavior
Should return a results page for search
Actual behavior
Fatal error produced as above
Versions
Latest version 1.7.9
Additional context
The problem is alluded to here:
https://stackoverflow.com/questions/11321491/when-to-use-single-quotes-double-quotes-and-backticks-in-mysql
MySQL prefers single quotes for string literals, but does support double quotes in some circumstances. It appears that MySQL 8 is less forgiving when using double quotes for strings.
It turns out that the fix for this is trivial.
File: admin/index.php
Line: 64
Replace double quotes in CONCAT_WS:
$where['sql'] .= ' AND CONCAT_WS("",`keyword`,`url`,`title`,`ip`) LIKE (:search)';with single quotes:
$where['sql'] .= " AND CONCAT_WS('',`keyword`,`url`,`title`,`ip`) LIKE (:search)";