Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 2.5.0b5

Bug #12381 Syntax error in quoteIdentifier with SQL containing emails
Submitted: 2007-11-04 13:29 UTC Modified: 2007-11-05 16:04 UTC
From: eadams Assigned: quipo
Status: Bogus Package: MDB2 (version 2.4.1)
PHP Version: 5.2.4 OS: CENTOS 4
Roadmaps: (Not assigned)    
Subscription  


 [2007-11-04 13:29 UTC] eadams (Evan Adams)
Description: ------------ When calling quoteIdentifier() with a query that contains an email address the following error is generated: MDB2 Error: syntax error Test script: --------------- $query = "SELECT * FROM user WHERE email = 'foo@bar.com'"; $mdb2->quoteIdentifier($query, True); Expected result: ---------------- SELECT * FROM "user" WHERE "email" = 'foo@bar.com' Actual result: -------------- MDB2 Error: syntax error

Comments

 [2007-11-04 13:35 UTC] eadams (Evan Adams)
Sorry that should be SELECT user.* FROM user WHERE user.email = 'foo@bar.com'
 [2007-11-04 13:45 UTC] eadams (Evan Adams)
Did some more testing Ok it should return (using pgsql connection string) SELECT "user".* FROM "user" WHERE "user"."email" = 'foo@bar.com' Using mysql SELECT 'user'.* FROM 'user' WHERE 'user'.'email' = 'foo@bar.com' What it returns in both cases: "SELECT user.* FROM user WHERE user.email = 'foo@bar.com'" The syntax error was coming from trying to execute, so quoteIdentifier is just not properly parsing.
 [2007-11-05 16:04 UTC] quipo (Lorenzo Alberton)
quoteIdentifier() doesn't "parse" anything, you're using it incorrectly. It's supposed to quote an identifier, not all the identifiers within a string. $query = "SELECT * FROM " . $mdb2->quoteIdentifier("user", true). " WHERE " . $mdb2->quoteIdentifier("user", true) . " = " . $mdb2->quote('foo@bar.com', 'text');