I have found a BIG BUG in how Scriptcase handles all error messages reported from any type of database while inserting a new record in a form.
If the error message contains the word WARNING (capitals does not mind) then the error message is simply ignored and Scriptcase always reports that the record has been inserted successfully even if it is not true.
To reproduce the bug just log to scriptcase demo site and create this trigger on table Employees
Create trigger salary
BEFORE INSERT on Employees
FOR EACH ROW
BEGIN
IF new.salary > 5000 then
SIGNAL SQLSTATE â45000â SET MESSAGE_TEXT = âWarning. Salary over 5000 usdâ;
END if;
If you know SQL triggers you will understand that the goal of the trigger is to prevent the insertion of employee with a salary above 5000.
Try to enter two employees with a salary below and above 5000 respectively.
On both cases Scriptcase will say âRecord Inserted Successfullyâ which is clearly not true !
I have reported this bug to support and I am scared about the possible answer.
Like:
- Dont put the word warning in the trigger
or - Dont use trigger but use on Validate event to validate user input
or other workaroundâŚ
For those of you that like to inspect scriptcase generated code you can open the generated form app and search with your editor of choice for the word warning ⌠and ⌠be horrified by this IF statement
if (FALSE === strpos(strtoupper($this->Db->ErrorMsg()), "MAIL SENT") && FALSE === strpos(strtoupper($this->Db->ErrorMsg()), "WARNING"))`
2. ` {`
3. ` $dbErrorMessage = $this->Db->ErrorMsg();`
4. ` $dbErrorCode = $this->Db->ErrorNo();`
5. ` $this->handleDbErrorMessage($dbErrorMessage, $dbErrorCode);`
6. ` $this->Erro->mensagem (__FILE__, __LINE__, "banco", $this->Ini->Nm_lang['lang_errm_updt'], $dbErrorMessage, true);`
7. ` if (isset($_SESSION['scriptcase']['erro_handler']) && $_SESSION['scriptcase']['erro_handler']) `
8. ` { `
9. ` $this->sc_erro_update = $dbErrorMessage;`
10. ` $this->NM_rollback_db(); `
11. ` if ($this->NM_ajax_flag)`
12. ` {`
13. ` form_Employees_pack_ajax_response();`
14. ` }`
15. ` exit; `
16. ` } `
17. ` } `