[TYPO3-core] RFC #11108: DBAL wildly quotes fields and table names
Karsten Dambekalns
karsten at typo3.org
Mon May 18 11:01:06 CEST 2009
Hi.
On 17.05.2009, at 20:21, Xavier Perseguers wrote:
> This is however done in a fully uncontrolled manner as all stuff get
> quoted resulting in invalid SQL query being issued to the actual
> DBMS. E.g., using a MSSQL backend, a query is like this:
>
> SELECT "Field1", "Field2" FROM "MyTable" WHERE "Uid" = 1234
>
> and that does not work, MSSQL complains that it cannot parse the
> query (at least with ADOdb because using Query Analyzer, the query
> is performed successfuly).
You found the documentation for the annoyance already... ;)
> Use ADOdb built-in function to quote fields and table names and...
> as it performs a few tests to decide whether quoting is needed or not.
I bet a beer that that function did not exist/work back when I created
the quoting code! ;)
Is it available in all backends and does it quote correctly on Oracle
as well? If it does, this makes sense, of course and get's a +1 by
reading from me...
Regards,
Karsten
--
Karsten Dambekalns
Gimme Five!
http://typo3.org/gimmefive
More information about the TYPO3-team-core
mailing list