[TYPO3-core] RFC #11108: DBAL wildly quotes fields and table names

Xavier Perseguers typo3 at perseguers.ch
Sun Jun 21 08:59:41 CEST 2009


Hi,

REMINDER #1

(I forgot to take care of sending reminders and it got lost)

Regards

Xavier Perseguers wrote:
> Hi,
> 
> This is a SVN patch request.
> 
> Type: Bugfix
> 
> Branches: trunk
> 
> BT reference:
> http://bugs.typo3.org/view.php?id=11108
> 
> Problem:
> When issuing a query using $GLOBALS['TYPO3_DB']->exec_SELECTgetRows() 
> method for instance, the actual query being generated has all fields 
> quotes with the proper quote for the selected DBMS.
> 
> This is however done in a fully uncontrolled manner as all stuff get 
> quoted resulting in invalid SQL query being issued to the actual DBMS. 
> E.g., using a MSSQL backend, a query is like this:
> 
> SELECT "Field1", "Field2" FROM "MyTable" WHERE "Uid" = 1234
> 
> and that does not work, MSSQL complains that it cannot parse the query 
> (at least with ADOdb because using Query Analyzer, the query is 
> performed successfuly).
> 
> 
> Solution:
> Use ADOdb built-in function to quote fields and table names and... as it 
> performs a few tests to decide whether quoting is needed or not.
> 


-- 
Xavier Perseguers
http://xavier.perseguers.ch/en

One contribution a day keeps the fork away


More information about the TYPO3-team-core mailing list