View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006570 | OXID eShop (all versions) | 4.01. Database handling | public | 2017-01-09 11:49 | 2024-04-03 09:16 |
| Reporter | tjungcl | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | random |
| Status | confirmed | Resolution | open | ||
| Product Version | 4.10.2 / 5.3.2 | ||||
| Summary | 0006570: oxbase save function can cause sql error | ||||
| Description | The function oxbase->save() first checks if data exists, then either inserts or updates. Since those are two seperate operations, they are not atomic. -> The data may not exist when checking but be present when the insert operation runs a moment later. | ||||
| Steps To Reproduce | Not reproducable, but visible in the exception-log. | ||||
| Additional Information | oxConnectionException-oxException (time: 2017-01-09 10:55:04): [1062]: mysqli error: [1062: Duplicate entry 'xxx' for key 'PRIMARY'] in EXECUTE (Insert into oxuserbaskets set oxid = 'xxx',oxuserid = 'yyy',oxtitle = 'savedbasket',oxpublic = '1',oxupdate = 'zzz', Array) with user xyz Stack Trace: #0 /var/www/html/core/adodblite/adodbSQL_drivers/mysqli/mysqli_driver.inc(359): adodb_throw('mysqli', 'EXECUTE', 1062, 'Duplicate entry...', 'Insert into oxu...', Array, Object(object_ADOConnection)) #1 /var/www/html/core/adodblite/adodb.inc.php(316): mysqli_driver_ADOConnection->do_query('Insert into oxu...', -1, -1, Array) #2 /var/www/html/core/oxlegacydb.php(236): ADOConnection->Execute('Insert into oxu...', Array) #3 /var/www/html/core/oxbase.php(1853): oxLegacyDb->execute('Insert into oxu...') #4 /var/www/html/application/models/oxuserbasket.php(82): oxBase->_insert() #5 /var/www/html/core/oxbase.php(1073): oxUserBasket->_insert() #6 /var/www/html/application/models/oxuserbasket.php(311): oxBase->save() | ||||
| Tags | No tags attached. | ||||
| Theme | Not defined | ||||
| Browser | Not defined | ||||
| PHP Version | 5.6 | ||||
| Database Version | Not defined | ||||
|
|
Regarding the following statement - "The data may not exist when checking but be present when the insert operation runs a moment later." Can you provide any instance( or scenario ) when data could inserted between the CHECK and INSERT/UPDATE functions. |
|
|
Yes if the shopsystem loads multiple request via ajax, several php instances run with identical session data. In that scenario ( and with a little bad luck) the error occures. |
|
|
This has changed a little, but it is still not safe against dirty reads: https://github.com/OXID-eSales/oxideshop_ce/blob/d812f3f871a68013615b3cda7ab88a6c27aead67/source/Core/Model/BaseModel.php#L889 |
