[TYPO3-core] RFC #11108: DBAL wildly quotes fields and table names

Xavier Perseguers typo3 at perseguers.ch
Sun Jul 19 10:41:59 CEST 2009


Hi,

REMINDER #5



Xavier Perseguers wrote:
> Hi,
> 
> REMINDER #4
> 
> 
> Xavier Perseguers wrote:
>> Hi,
>>
>> REMINDER #3
>>
>>
>> Xavier Perseguers wrote:
>>> Hi,
>>>
>>> REMINDER #2
>>>
>>>
>>> Xavier Perseguers wrote:
>>>> Hi,
>>>>
>>>> This is a SVN patch request.
>>>>
>>>> Type: Bugfix
>>>>
>>>> Branches: trunk
>>>>
>>>> BT reference:
>>>> http://bugs.typo3.org/view.php?id=11108
>>>>
>>>> Problem:
>>>> When issuing a query using 
>>>> $GLOBALS['TYPO3_DB']->exec_SELECTgetRows() method for instance, the 
>>>> actual query being generated has all fields quotes with the proper 
>>>> quote for the selected DBMS.
>>>>
>>>> This is however done in a fully uncontrolled manner as all stuff get 
>>>> quoted resulting in invalid SQL query being issued to the actual 
>>>> DBMS. E.g., using a MSSQL backend, a query is like this:
>>>>
>>>> SELECT "Field1", "Field2" FROM "MyTable" WHERE "Uid" = 1234
>>>>
>>>> and that does not work, MSSQL complains that it cannot parse the 
>>>> query (at least with ADOdb because using Query Analyzer, the query 
>>>> is performed successfuly).
>>>>
>>>>
>>>> Solution:
>>>> Use ADOdb built-in function to quote fields and table names and... 
>>>> as it performs a few tests to decide whether quoting is needed or not.
>>>>
>>>
>>>
>>
>>
> 
> 


-- 
Xavier Perseguers
http://xavier.perseguers.ch/en

One contribution a day keeps the fork away


More information about the TYPO3-team-core mailing list