PDOException when querying with asterisk

tpytpy Member
in Bugs

Script to reproduce:

import requests

import json




base_url = "https://play.asti.ga/rest/"

username = "user@example"

password = "password"

client_name = "my_client"

version = "1.16.0"




token = password.encode('utf-8').hex()




params = {

    'u': username,

    'p': f"enc:{token}",

    'v': version,

    'c': client_name,

    'f': 'json',

    'query': '*',

    'songCount': '10',

}




response = requests.get(f"{base_url}search3", params=params)

print(response.text)

I got the following response:

getSubsonicId failed.PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 in /var/www/astiga/play/app/Database.php:1718

Stack trace:

#0 /var/www/astiga/play/app/Database.php(1718): PDOStatement->execute()

#1 /var/www/astiga/play/app/Subsonic/SubsonicUtils.php(184): Astiga\Database->getSubsonicIds()

#2 /var/www/astiga/play/app/Controllers/Subsonic/SearchingController.php(104): Astiga\Subsonic\SubsonicUtils::formatSongs()

#3 /var/www/astiga/play/app/Controllers/Subsonic/SearchingController.php(135): Astiga\Controllers\Subsonic\SearchingController->searchGeneric()

#4 /var/www/astiga/play/vendor/slim/slim/Slim/Handlers/Strategies/RequestResponse.php(38): Astiga\Controllers\Subsonic\SearchingController->search3()

#5 /var/www/astiga/play/vendor/slim/slim/Slim/Routing/Route.php(363): Slim\Handlers\Strategies\RequestResponse->__invoke()

#6 /var/www/astiga/play/vendor/slim/slim/Slim/MiddlewareDispatcher.php(73): Slim\Routing\Route->handle()

#7 /var/www/astiga/play/app/Middlewares/SubsonicMiddleware.php(99): Slim\MiddlewareDispatcher->handle()

#8 /var/www/astiga/play/vendor/slim/slim/Slim/MiddlewareDispatcher.php(280): Astiga\Middlewares\SubsonicMiddleware->__invoke()

#9 /var/www/astiga/play/vendor/slim/slim/Slim/MiddlewareDispatcher.php(73): Psr\Http\Server\RequestHandlerInterface@anonymous->handle()

#10 /var/www/astiga/play/vendor/slim/slim/Slim/Routing/Route.php(321): Slim\MiddlewareDispatcher->handle()

#11 /var/www/astiga/play/vendor/slim/slim/Slim/Routing/RouteRunner.php(74): Slim\Routing\Route->run()

#12 /var/www/astiga/play/app/Middlewares/CacheControlMiddleware.php(21): Slim\Routing\RouteRunner->handle()

#13 /var/www/astiga/play/vendor/slim/slim/Slim/MiddlewareDispatcher.php(129): Astiga\Middlewares\CacheControlMiddleware->process()

#14 /var/www/astiga/play/app/Middlewares/PartialPageMiddleware.php(15): Psr\Http\Server\RequestHandlerInterface@anonymous->handle()

#15 /var/www/astiga/play/vendor/slim/slim/Slim/MiddlewareDispatcher.php(129): Astiga\Middlewares\PartialPageMiddleware->process()

#16 /var/www/astiga/play/index.php(165): Psr\Http\Server\RequestHandlerInterface@anonymous->handle()

#17 /var/www/astiga/play/vendor/slim/slim/Slim/MiddlewareDispatcher.php(280): Closure->{closure}()

#18 /var/www/astiga/play/vendor/slim/slim/Slim/Middleware/ErrorMiddleware.php(77): Psr\Http\Server\RequestHandlerInterface@anonymous->handle()

#19 /var/www/astiga/play/vendor/slim/slim/Slim/MiddlewareDispatcher.php(129): Slim\Middleware\ErrorMiddleware->process()

#20 /var/www/astiga/play/vendor/slim/slim/Slim/MiddlewareDispatcher.php(73): Psr\Http\Server\RequestHandlerInterface@anonymous->handle()

#21 /var/www/astiga/play/vendor/slim/slim/Slim/App.php(209): Slim\MiddlewareDispatcher->handle()

#22 /var/www/astiga/play/vendor/slim/slim/Slim/App.php(193): Slim\App->handle()

#23 /var/www/astiga/play/index.php(214): Slim\App->run()


I tried several queries:

  • 'a*' => Same error
  • 'aa*' => Worked
  • 'aaa*' => Worked
  • '\*' => Same error
  • '\\*' => Same error
  • 'あ*' => Worked

What's wrong with the query?

Comments

  • tpytpy Member

    Actually not only "*", but "?" causes the same error.

  • gravelldgravelld Administrator

    Thanks, we'll look into this.

  • tpytpy Member

    Any update?

  • gravelldgravelld Administrator

    It's being addressed in the current milestone. The error is being fixed and something better returned. We're also looking at fixing the escaping. This one is a little down the list and may not make it into the next build, but we'll do our best.

  • gravelldgravelld Administrator

    Just to let you know: due to impending holiday, I've made the decision to postpone this release until around 22nd July. Sorry for this inconvenience...

Sign In or Register to comment.