doctrine/archived-orm
1
0
Fork 0
mirror of https://github.com/doctrine/orm.git synced 2026-03-24 06:52:09 +01:00
Code Issues 5.3k Packages Projects Releases 100 Wiki Activity

ResultSetMappingBuilder creates a life of it's own and starts querying the database without being asked to, resulting in errors #6817

New Issue
Closed
opened 2026-01-22 15:39:23 +01:00 by admin · 1 comment
admin commented 2026-01-22 15:39:23 +01:00
Owner
Copy Link

Originally created by @ghost on GitHub (Sep 1, 2021).

I have a very simple code:

        $rsm = new ResultSetMappingBuilder($this->_em);
        $rsm->addRootEntityFromClassMetadata('App\Entity\Order', 'o');
        $query = $this->_em->createNativeQuery('CALL usp_order_s_orders()', $rsm);
        $orders = $query->getResult();

This code works at first. It calls the procedure and populates an array of Order entities.

However, if I add a one-to-one relation between the table Order and another table, say, OrderData, then the above code start QUERYING THE ORDERDATA TABLE.

Now, first of all this should NEVER happen. All queries going into and from the database in my application are controller via procedures, and are appropriately logged. No "SELECT" query should be emitted by Doctrine without me knowing about it. It is doing that under the hood, this behavior is completely undocumented, and this is a very, very bad security and design issue and makes me very worried about using Doctrine at all.

Second, this insane behavior also leads to a bug. The select query looks something like this

"SELECT t0.everyfieldintheworld WHERE t0.order_id = ? [1] FROM order_data"

Leading to this error message:

request.CRITICAL: Uncaught PHP Exception Doctrine\DBAL\Exception\DriverException: "An exception occurred while executing Giant Query: SQLSTATE[HY000]: General error: 2014 Cannot execute queries while other unbuffered queries are active. Consider using PDOStatement::fetchAll(). Alternatively, if your code is only ever going to run against mysql, you may enable query buffering by setting the PDO::MYSQL_ATTR_USE_BUFFERED_QUERY attribute." at path/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/AbstractMySQLDriver.php line 128 {"exception":"[object] (Doctrine\DBAL\Exception\DriverException(code: 0): An exception occurred while executing Giant Query:\n\nSQLSTATE[HY000]: General error: 2014 Cannot execute queries while other unbuffered queries are active. Consider using PDOStatement::fetchAll(). Alternatively, if your code is only ever going to run against mysql, you may enable query buffering by setting the PDO::MYSQL_ATTR_USE_BUFFERED_QUERY attribute. at path/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/AbstractMySQLDriver.php:128)\n[previous exception] [object] (Doctrine\DBAL\Driver\PDO\Exception(code: HY000): SQLSTATE[HY000]: General error: 2014 Cannot execute queries while other unbuffered queries are active. Consider using PDOStatement::fetchAll(). Alternatively, if your code is only ever going to run against mysql, you may enable query buffering by setting the PDO::MYSQL_ATTR_USE_BUFFERED_QUERY attribute. at path/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDO/Exception.php:18)\n[previous exception] [object] (PDOException(code: HY000): SQLSTATE[HY000]: General error: 2014 Cannot execute queries while other unbuffered queries are active. Consider using PDOStatement::fetchAll(). Alternatively, if your code is only ever going to run against mysql, you may enable query buffering by setting the PDO::MYSQL_ATTR_USE_BUFFERED_QUERY attribute. at path/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOStatement.php:112)"} []

Originally created by @ghost on GitHub (Sep 1, 2021). I have a very simple code: ``` $rsm = new ResultSetMappingBuilder($this->_em); $rsm->addRootEntityFromClassMetadata('App\Entity\Order', 'o'); $query = $this->_em->createNativeQuery('CALL usp_order_s_orders()', $rsm); $orders = $query->getResult(); ``` This code works at first. It calls the procedure and populates an array of Order entities. However, if I add a one-to-one relation between the table Order and another table, say, OrderData, then the above code start QUERYING THE ORDERDATA TABLE. Now, first of all this should NEVER happen. All queries going into and from the database in my application are controller via procedures, and are appropriately logged. No "SELECT" query should be emitted by Doctrine without me knowing about it. It is doing that under the hood, this behavior is completely undocumented, and this is a very, very bad security and design issue and makes me very worried about using Doctrine at all. Second, this insane behavior also leads to a bug. The select query looks something like this "SELECT t0.everyfieldintheworld WHERE t0.order_id = ? [1] FROM order_data" Leading to this error message: request.CRITICAL: Uncaught PHP Exception Doctrine\DBAL\Exception\DriverException: "An exception occurred while executing **Giant Query**: SQLSTATE[HY000]: General error: 2014 Cannot execute queries while other unbuffered queries are active. Consider using PDOStatement::fetchAll(). Alternatively, if your code is only ever going to run against mysql, you may enable query buffering by setting the PDO::MYSQL_ATTR_USE_BUFFERED_QUERY attribute." at **path**/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/AbstractMySQLDriver.php line 128 {"exception":"[object] (Doctrine\\DBAL\\Exception\\DriverException(code: 0): An exception occurred while executing **Giant Query**:\n\nSQLSTATE[HY000]: General error: 2014 Cannot execute queries while other unbuffered queries are active. Consider using PDOStatement::fetchAll(). Alternatively, if your code is only ever going to run against mysql, you may enable query buffering by setting the PDO::MYSQL_ATTR_USE_BUFFERED_QUERY attribute. at **path**/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/AbstractMySQLDriver.php:128)\n[previous exception] [object] (Doctrine\\DBAL\\Driver\\PDO\\Exception(code: HY000): SQLSTATE[HY000]: General error: 2014 Cannot execute queries while other unbuffered queries are active. Consider using PDOStatement::fetchAll(). Alternatively, if your code is only ever going to run against mysql, you may enable query buffering by setting the PDO::MYSQL_ATTR_USE_BUFFERED_QUERY attribute. at **path**/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDO/Exception.php:18)\n[previous exception] [object] (PDOException(code: HY000): SQLSTATE[HY000]: General error: 2014 Cannot execute queries while other unbuffered queries are active. Consider using PDOStatement::fetchAll(). Alternatively, if your code is only ever going to run against mysql, you may enable query buffering by setting the PDO::MYSQL_ATTR_USE_BUFFERED_QUERY attribute. at **path**/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOStatement.php:112)"} []
admin closed this issue 2026-01-22 15:39:23 +01:00
admin commented 2026-01-22 15:39:23 +01:00
Author
Owner
Copy Link

@derrabus commented on GitHub (Sep 2, 2021):

Duplicate of #8970

@derrabus commented on GitHub (Sep 2, 2021): Duplicate of #8970
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
BC Break
Bug
Can't Fix
Deprecation
Documentation
DQL
Duplicate
Failing Test
Hacktoberfest
Improvement
Improvement
Incomplete
Invalid
Missing Tests
New Feature
PR Created
pull-request
Mirrored from GitHub Pull Request
 Question
Regression
Status: Waiting feedback
Waiting feedback
WIP
Won't Fix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
admin
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: doctrine/archived-orm#6817
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?