Project

General

Profile

Actions

Bug #20439

closed

DBAL wildly quotes fields and table names

Added by Xavier Perseguers over 15 years ago. Updated about 15 years ago.

Status:
Closed
Priority:
Should have
Category:
Database API (Doctrine DBAL)
Target version:
-
Start date:
2009-05-17
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

When issuing a query using $GLOBALS['TYPO3_DB']->exec_SELECTgetRows() method for instance, the actual query being generated has all fields quotes with the proper quote for the selected DBMS.

This is however done in a fully uncontrolled manner as all stuff get quoted resulting in invalid SQL query being issued to the actual DBMS. E.g., using a MSSQL backend, a query is like this:

SELECT "Field1", "Field2" FROM "MyTable" WHERE "Uid" = 1234

and that does not work, MSSQL complains that it cannot parse the query (at least with ADOdb because using Query Analyzer, the query is performed successfuly).

Solution: Use ADOdb built-in function to quote fields and table names and... as it performs a few tests to decide whether quoting is needed or not.

(issue imported from #M11108)


Files

11108.diff (7.01 KB) 11108.diff Administrator Admin, 2009-05-17 20:19
11108_v2.diff (15 KB) 11108_v2.diff Administrator Admin, 2009-09-04 16:53
Actions #1

Updated by Xavier Perseguers about 15 years ago

Created v2 of patch as Oracle does not work properly with use of NameQuote() (ADOdb built-in function to quote fields and table names).

This new version adds an option "useNameQuote" to the configuration of the DBAL handler in $TYPO3_CONF_VARS['EXTCONF']['dbal']['handlerCfg']. It defaults to FALSE, meaning NameQuote is not used and existing install still use manual quoting of fields and table name.

Actions #2

Updated by Xavier Perseguers about 15 years ago

This patch was committed as revision 24017 on DBAL-trunk.

Actions

Also available in: Atom PDF