[TYPO3-core] RFC #11108: DBAL wildly quotes fields and table names
Xavier Perseguers
typo3 at perseguers.ch
Sun May 17 20:21:28 CEST 2009
Hi,
This is a SVN patch request.
Type: Bugfix
Branches: trunk
BT reference:
http://bugs.typo3.org/view.php?id=11108
Problem:
When issuing a query using $GLOBALS['TYPO3_DB']->exec_SELECTgetRows()
method for instance, the actual query being generated has all fields
quotes with the proper quote for the selected DBMS.
This is however done in a fully uncontrolled manner as all stuff get
quoted resulting in invalid SQL query being issued to the actual DBMS.
E.g., using a MSSQL backend, a query is like this:
SELECT "Field1", "Field2" FROM "MyTable" WHERE "Uid" = 1234
and that does not work, MSSQL complains that it cannot parse the query
(at least with ADOdb because using Query Analyzer, the query is
performed successfuly).
Solution:
Use ADOdb built-in function to quote fields and table names and... as it
performs a few tests to decide whether quoting is needed or not.
--
Xavier Perseguers
http://xavier.perseguers.ch/en
One contribution a day keeps the fork away
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 11108.diff
Url: http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20090517/1eab2177/attachment.txt
More information about the TYPO3-team-core
mailing list