"Run unsafe queries without a WHERE clause" when update statement is commented out! #685

Closed
somethingweird opened this issue Jun 20, 2019 · 4 comments
Labels
bug

@somethingweird somethingweird commented Jun 20, 2019

HeidiSQL Version 10.2.0.5599

Steps to reproduce this issue

  1. In Query tab - just entered "# UPDATE ANYTABLE SET FIELD=1"
  2. Execute Query
  3. Confirmation Dialog will pop up "Run unsafe queries without a WHERE clause"

Should it bring up the confirmation dialog even if the update SQL statement is commented out?

Collaborator

@ansgarbecker ansgarbecker commented Jun 21, 2019

This is certainly a bug. HeidiSQL obviously does not check whether the update or delete command is just a comment.

@ansgarbecker ansgarbecker added the bug label Jun 21, 2019
@ansgarbecker ansgarbecker added this to the v10.3 milestone Jun 21, 2019

Author

@somethingweird somethingweird commented Jul 29, 2019

Update: additional bugs related to this issue.

  1. In Query Tab - enter

```sql
# UPDATE ANYTABLE SET FIELD=1 WHERE 1=1
UPDATE ANYTABLE SET FIELD=1
```

  2. bypass the confirmation dialog - "Run unsafe queries without a where clause"

This is also true if you have two uncommented update statements, where the first statement has a where clause and the second statement has no where clause.

@decadence decadence commented Sep 20, 2019

I ran into this problem today with this query:

```sql
# UPDATE import_row
# SET category_id = (
	SELECT id
	FROM bank_categories
	ORDER BY RAND()
	LIMIT 1
# )
```

Collaborator

@ansgarbecker ansgarbecker commented Oct 29, 2019

Most of these queries should no longer fool HeidiSQL here.
Though there are some exotic remainders which I did not care too much about for now, e.g. when a string literal contains a "where" keyword:

```sql
UPDATE foo SET bar=' where ';
```
ansgarbecker added a commit that referenced this issue Nov 13, 2019
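
The check discussed in this thread, as an added Python example (not HeidiSQL's code and not the commit referenced above): it removes comments and quoted text before looking for WHERE, and evaluates each statement on its own. The function names are hypothetical and MySQL comment syntax is assumed.

```python
import re

# Added example; names are hypothetical, MySQL comment syntax is assumed.
# One scanner pass recognises everything that can hide or fake a keyword:
# quoted literals/identifiers, the three MySQL comment styles, and ';'.
# Limitation: /*! ... */ executable comments are treated as plain comments.
_TOKEN = re.compile(r"""
    (?P<quoted> '(?:[^'\\]|\\.|'')*' | "(?:[^"\\]|\\.|"")*" | `[^`]*` )
  | (?P<comment> \#[^\n]* | --(?=\s|$)[^\n]* | /\*.*?\*/ )
  | (?P<semi> ; )
""", re.VERBOSE | re.DOTALL)
_DML = re.compile(r"(UPDATE|DELETE)\b", re.IGNORECASE)
_WHERE = re.compile(r"\bWHERE\b", re.IGNORECASE)


def normalized_statements(sql):
    """Split on ';' outside quotes/comments; drop comments, empty quoted bodies."""
    statements, current, pos = [], [], 0
    for tok in _TOKEN.finditer(sql):
        current.append(sql[pos:tok.start()])
        pos = tok.end()
        if tok.lastgroup == "semi":
            statements.append("".join(current))
            current = []
        elif tok.lastgroup == "quoted":
            current.append("''")      # keep a placeholder, discard the content
        else:
            current.append(" ")       # a comment is just whitespace
    statements.append("".join(current) + sql[pos:])
    return [s.strip() for s in statements if s.strip()]


def unsafe_statements(sql):
    """Return each UPDATE/DELETE statement that has no WHERE clause."""
    return [s for s in normalized_statements(sql)
            if _DML.match(s) and not _WHERE.search(s)]


# Inputs reported in the thread above.
REPORTED = [
    "# UPDATE ANYTABLE SET FIELD=1",
    "# UPDATE ANYTABLE SET FIELD=1 WHERE 1=1\nUPDATE ANYTABLE SET FIELD=1",
    "UPDATE foo SET bar=' where ';",
]

if __name__ == "__main__":
    for query in REPORTED:
        print(repr(query), "->", unsafe_statements(query))
```

A WHERE that appears only inside a subquery still satisfies this check; telling it apart from the statement's own WHERE clause needs a real SQL parser.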