[TYPO3-core] RFC #11108: DBAL wildly quotes fields and table names
Xavier Perseguers
typo3 at perseguers.ch
Fri Sep 4 12:28:16 CEST 2009
Hi,
>>>>>> This is a SVN patch request.
>>>>>>
>>>>>> Type: Bugfix
>>>>>>
>>>>>> Branches: trunk
>>>>>>
>>>>>> BT reference:
>>>>>> http://bugs.typo3.org/view.php?id=11108
>>>>>>
>>>>>> Problem:
>>>>>> When issuing a query using
>>>>>> $GLOBALS['TYPO3_DB']->exec_SELECTgetRows() method for instance,
>>>>>> the actual query being generated has all fields quotes with the
>>>>>> proper quote for the selected DBMS.
>>>>>>
>>>>>> This is however done in a fully uncontrolled manner as all stuff
>>>>>> get quoted resulting in invalid SQL query being issued to the
>>>>>> actual DBMS. E.g., using a MSSQL backend, a query is like this:
>>>>>>
>>>>>> SELECT "Field1", "Field2" FROM "MyTable" WHERE "Uid" = 1234
>>>>>>
>>>>>> and that does not work, MSSQL complains that it cannot parse the
>>>>>> query (at least with ADOdb because using Query Analyzer, the query
>>>>>> is performed successfuly).
>>>>>>
>>>>>>
>>>>>> Solution:
>>>>>> Use ADOdb built-in function to quote fields and table names and...
>>>>>> as it performs a few tests to decide whether quoting is needed or
>>>>>> not.
I'm testing this patch again and I found a problem with the login screen/session management (weird!). Investigating where the problem comes from...
--
Xavier Perseguers
http://xavier.perseguers.ch/en
One contribution a day keeps the fork away
More information about the TYPO3-team-core
mailing list