Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 2.5.0b5

Bug #11906 quoteIdentifier fails for names with dots
Submitted: 2007-08-24 16:11 UTC
From: brunobg Assigned: quipo
Status: Closed Package: MDB2 (version 2.4.1)
PHP Version: 5.2.3 OS: Linux
Roadmaps: (Not assigned)    
Subscription  


 [2007-08-24 16:11 UTC] brunobg (Bruno Barberi Gnecco)
Description: ------------ quoteIdentifier() in MDB2 doesn't take into account dots (.), which at least for mysql have to be taken into consideration. For example: 'SELECT * FROM ' . $db->quoteIdentifier('database.table') . ' WHERE id > 0' should return 'SELECT * FROM `database`.`table` WHERE id > 0 and not 'SELECT * FROM `database.table` WHERE id > 0 Test script: --------------- $db->quoteIdentifier('database.table'); Expected result: ---------------- `database`.`table` Actual result: -------------- database.table

Comments

 [2007-09-09 14:10 UTC] quipo (Lorenzo Alberton)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.
 [2007-10-05 12:31 UTC] danielc (Daniel Convissor)
Lorenzo: Pardon my commenting so late in the process and without looking at the code... The users in this case should quote the database and table names separately. The are two separate identifiers. I'm saying this because what if some database designer put a period in the table name itself? While this is a really bad idea, the database supports it. I'm guessing that MDB2 now no longer allows this.
 [2007-10-05 13:18 UTC] quipo (Lorenzo Alberton)
Hi Daniel, thanks for bringing this issue out. The current implementation splits the string using the period as delimiter, quotes the single parts and joins them back. This could indeed be a problem in the case you mention. On the other hand, I can't revert it because there are many applications (for instance, DB_DataObject) which internally use both the "table" and the "schema.table" syntaxes, and call quoteIdentifier() in both cases, unaware of the actual identifier syntax used at any time. Theoretically the current implementation should also allow a syntax like "[namespace|schema].table.field". So, unless there's a way to handle every case, I guess I'll leave things as-is, and put a warning in the docs...
 [2007-10-06 10:47 UTC] quipo (Lorenzo Alberton)
I've added a warning in the phpdoc and in the manual
 [2007-11-04 18:18 UTC] eadams (Evan Adams)
quoteIdentifier also fails when fields contain email addresses.
 [2007-11-09 19:53 UTC] quipo (Lorenzo Alberton)
For the record, the last comment was due to invalid usage of quoteIdentifier(). @see bug #12381.