Bug #66104
closed
ext_tables.sql all fields-names should be properly escaped
0%
Description
All field-names in ext_tables.sql and processing in install-tool/extension-installation should properly escape field-names (f.e. in MySQL using "`myfield`").
If you want to have a table named "order" f.e. for an extbase shop having relations within other tables, you run into real problems as the name "ORDER" is system-preserved if it is not properly escaped (meaning MySQL ORDER).
This causes serious problems as in Extbase it is recommended to use singulare-names on tables, so "orders" isn't a real good name for the table.
If all fields are escaped properly and the escaping is properly preserved in install-tool and other places, the Database will not mistype it as system-command "ORDER".
Currently escaping the field in ext_tables.sql does not solve this, as the Install-Tool still transforms the Query into an Alter-Statement (original table already exists) and strips off my escaping.
Updated by Morton Jonuschat over 8 years ago
- Category set to Install Tool
- Status changed from New to Closed
- Assignee set to Morton Jonuschat
Escaping fields with a backtick in the ext_tables.sql file is not supported and leads to problems with EXT:dbal and database systems that don't support the non-standard backtick escape MySQL uses.
We strongly advise against using reserved keywords in schema definitions.