PDOException when querying with asterisk
Script to reproduce:
import requests import json base_url = "https://play.asti.ga/rest/" username = "user@example" password = "password" client_name = "my_client" version = "1.16.0" token = password.encode('utf-8').hex() params = { 'u': username, 'p': f"enc:{token}", 'v': version, 'c': client_name, 'f': 'json', 'query': '*', 'songCount': '10', } response = requests.get(f"{base_url}search3", params=params) print(response.text)
I got the following response:
getSubsonicId failed.PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 in /var/www/astiga/play/app/Database.php:1718 Stack trace: #0 /var/www/astiga/play/app/Database.php(1718): PDOStatement->execute() #1 /var/www/astiga/play/app/Subsonic/SubsonicUtils.php(184): Astiga\Database->getSubsonicIds() #2 /var/www/astiga/play/app/Controllers/Subsonic/SearchingController.php(104): Astiga\Subsonic\SubsonicUtils::formatSongs() #3 /var/www/astiga/play/app/Controllers/Subsonic/SearchingController.php(135): Astiga\Controllers\Subsonic\SearchingController->searchGeneric() #4 /var/www/astiga/play/vendor/slim/slim/Slim/Handlers/Strategies/RequestResponse.php(38): Astiga\Controllers\Subsonic\SearchingController->search3() #5 /var/www/astiga/play/vendor/slim/slim/Slim/Routing/Route.php(363): Slim\Handlers\Strategies\RequestResponse->__invoke() #6 /var/www/astiga/play/vendor/slim/slim/Slim/MiddlewareDispatcher.php(73): Slim\Routing\Route->handle() #7 /var/www/astiga/play/app/Middlewares/SubsonicMiddleware.php(99): Slim\MiddlewareDispatcher->handle() #8 /var/www/astiga/play/vendor/slim/slim/Slim/MiddlewareDispatcher.php(280): Astiga\Middlewares\SubsonicMiddleware->__invoke() #9 /var/www/astiga/play/vendor/slim/slim/Slim/MiddlewareDispatcher.php(73): Psr\Http\Server\RequestHandlerInterface@anonymous->handle() #10 /var/www/astiga/play/vendor/slim/slim/Slim/Routing/Route.php(321): Slim\MiddlewareDispatcher->handle() #11 /var/www/astiga/play/vendor/slim/slim/Slim/Routing/RouteRunner.php(74): Slim\Routing\Route->run() #12 /var/www/astiga/play/app/Middlewares/CacheControlMiddleware.php(21): Slim\Routing\RouteRunner->handle() #13 /var/www/astiga/play/vendor/slim/slim/Slim/MiddlewareDispatcher.php(129): Astiga\Middlewares\CacheControlMiddleware->process() #14 /var/www/astiga/play/app/Middlewares/PartialPageMiddleware.php(15): Psr\Http\Server\RequestHandlerInterface@anonymous->handle() #15 /var/www/astiga/play/vendor/slim/slim/Slim/MiddlewareDispatcher.php(129): Astiga\Middlewares\PartialPageMiddleware->process() #16 /var/www/astiga/play/index.php(165): Psr\Http\Server\RequestHandlerInterface@anonymous->handle() #17 /var/www/astiga/play/vendor/slim/slim/Slim/MiddlewareDispatcher.php(280): Closure->{closure}() #18 /var/www/astiga/play/vendor/slim/slim/Slim/Middleware/ErrorMiddleware.php(77): Psr\Http\Server\RequestHandlerInterface@anonymous->handle() #19 /var/www/astiga/play/vendor/slim/slim/Slim/MiddlewareDispatcher.php(129): Slim\Middleware\ErrorMiddleware->process() #20 /var/www/astiga/play/vendor/slim/slim/Slim/MiddlewareDispatcher.php(73): Psr\Http\Server\RequestHandlerInterface@anonymous->handle() #21 /var/www/astiga/play/vendor/slim/slim/Slim/App.php(209): Slim\MiddlewareDispatcher->handle() #22 /var/www/astiga/play/vendor/slim/slim/Slim/App.php(193): Slim\App->handle() #23 /var/www/astiga/play/index.php(214): Slim\App->run()
I tried several queries:
- 'a*' => Same error
- 'aa*' => Worked
- 'aaa*' => Worked
- '\*' => Same error
- '\\*' => Same error
- 'あ*' => Worked
What's wrong with the query?
Comments
Actually not only "*", but "?" causes the same error.
Thanks, we'll look into this.
Any update?
It's being addressed in the current milestone. The error is being fixed and something better returned. We're also looking at fixing the escaping. This one is a little down the list and may not make it into the next build, but we'll do our best.
Just to let you know: due to impending holiday, I've made the decision to postpone this release until around 22nd July. Sorry for this inconvenience...