Log Service : When sql syntax error occurs, log sql in error level. (#…

…2443)

* Factory : nameFilter protect against multiple `-` in search term.
* LogService : When sql syntax error occurs, log sql in error level.

lib/Factory/BaseFactory.php

@@ -362,8 +362,15 @@ protected function parseComparisonOperator($variable)
      * @param array $params Array of parameters passed by reference
      * @param bool $useRegex flag to match against a regex pattern
      */
-    public function nameFilter($tableName, $tableColumn, $terms, &$body, &$params, $useRegex = false, $logicalOperator = 'OR')
-    {
+    public function nameFilter(
+        $tableName,
+        $tableColumn,
+        $terms,
+        &$body,
+        &$params,
+        $useRegex = false,
+        $logicalOperator = 'OR'
+    ) {
         $i = 0;
 
         $tableAndColumn = $tableName . '.' . $tableColumn;
@@ -377,7 +384,7 @@ public function nameFilter($tableName, $tableColumn, $terms, &$body, &$params, $
             $searchName = trim($searchName);
 
             // Discard any incompatible
-            if ($searchName === '-' || empty($searchName)) {
+            if (empty(ltrim($searchName, '-')) || empty($searchName)) {
                 continue;
             }
 

lib/Service/LogService.php

@@ -1,6 +1,6 @@
 <?php
 /*
- * Copyright (C) 2023 Xibo Signage Ltd
+ * Copyright (C) 2024 Xibo Signage Ltd
  *
  * Xibo - Digital Signage - https://xibosignage.com
  *
@@ -147,14 +147,17 @@ public function audit($entity, $entityId, $message, $object)
     /**
      * @inheritdoc
      */
-    public function sql($sql, $params)
+    public function sql($sql, $params, $logAsError = false)
     {
-        if (strtolower($this->mode) == 'test') {
+        if (strtolower($this->mode) == 'test' || $logAsError) {
             $paramSql = '';
             foreach ($params as $key => $param) {
                 $paramSql .= 'SET @' . $key . '=\'' . $param . '\';' . PHP_EOL;
             }
-            $this->log->debug($paramSql . str_replace(':', '@', $sql));
+
+            ($logAsError)
+                ? $this->log->error($paramSql . str_replace(':', '@', $sql))
+                : $this->log->debug($paramSql . str_replace(':', '@', $sql));
         }
     }
 

lib/Service/LogServiceInterface.php

@@ -1,8 +1,8 @@
 <?php
-/**
- * Copyright (C) 2021 Xibo Signage Ltd
+/*
+ * Copyright (C) 2024 Xibo Signage Ltd
  *
- * Xibo - Digital Signage - http://www.xibo.org.uk
+ * Xibo - Digital Signage - https://xibosignage.com
  *
  * This file is part of Xibo.
  *
@@ -23,7 +23,6 @@
 
 namespace Xibo\Service;
 
-use Monolog\Logger;
 use Psr\Log\LoggerInterface;
 
 /**
@@ -77,9 +76,10 @@ public function audit($entity, $entityId, $message, $object);
     /**
      * @param $sql
      * @param $params
+     * @param bool $logAsError
      * @return mixed
      */
-    public function sql($sql, $params);
+    public function sql($sql, $params, $logAsError = false);
 
     /**
      * @param string

lib/Storage/PdoStorageService.php

@@ -1,6 +1,6 @@
 <?php
 /*
- * Copyright (C) 2023 Xibo Signage Ltd
+ * Copyright (C) 2024 Xibo Signage Ltd
  *
  * Xibo - Digital Signage - https://xibosignage.com
  *
@@ -334,13 +334,18 @@ public function select($sql, $params, $connection = 'default', $reconnect = fals
             }
             return $records;
         } catch (\PDOException $PDOException) {
+            $errorCode = $PDOException->errorInfo[1] ?? $PDOException->getCode();
+
+            // syntax error, log the sql and params in error level.
+            if ($errorCode == 1064 && $this->log != null) {
+                $this->log->sql($sql, $params, true);
+            }
+
             // Throw if we're not expected to reconnect.
             if (!$reconnect) {
                 throw $PDOException;
             }
 
-            $errorCode = $PDOException->errorInfo[1] ?? $PDOException->getCode();
-
             if ($errorCode != 2006) {
                 throw $PDOException;
             } else {