[TYPO3-core] RFC #11108: DBAL wildly quotes fields and table names
Xavier Perseguers
typo3 at perseguers.ch
Sun Jul 12 12:07:10 CEST 2009
Hi,
REMINDER #4
Xavier Perseguers wrote:
> Hi,
>
> REMINDER #3
>
>
> Xavier Perseguers wrote:
>> Hi,
>>
>> REMINDER #2
>>
>>
>> Xavier Perseguers wrote:
>>> Hi,
>>>
>>> This is a SVN patch request.
>>>
>>> Type: Bugfix
>>>
>>> Branches: trunk
>>>
>>> BT reference:
>>> http://bugs.typo3.org/view.php?id=11108
>>>
>>> Problem:
>>> When issuing a query using $GLOBALS['TYPO3_DB']->exec_SELECTgetRows()
>>> method for instance, the actual query being generated has all fields
>>> quotes with the proper quote for the selected DBMS.
>>>
>>> This is however done in a fully uncontrolled manner as all stuff get
>>> quoted resulting in invalid SQL query being issued to the actual
>>> DBMS. E.g., using a MSSQL backend, a query is like this:
>>>
>>> SELECT "Field1", "Field2" FROM "MyTable" WHERE "Uid" = 1234
>>>
>>> and that does not work, MSSQL complains that it cannot parse the
>>> query (at least with ADOdb because using Query Analyzer, the query is
>>> performed successfuly).
>>>
>>>
>>> Solution:
>>> Use ADOdb built-in function to quote fields and table names and... as
>>> it performs a few tests to decide whether quoting is needed or not.
>>>
>>
>>
>
>
--
Xavier Perseguers
http://xavier.perseguers.ch/en
One contribution a day keeps the fork away
More information about the TYPO3-team-core
mailing list