| Package home | Report new bug | New search | Development Roadmap | Status: Open | Feedback | All | Closed Since Version 2.5.0b5 |
| Bug #12381 | Syntax error in quoteIdentifier with SQL containing emails | ||
|---|---|---|---|
| Submitted: | 2007-11-04 18:29 UTC | ||
| From: | eadams | Assigned: | quipo |
| Status: | Bogus | Package: | MDB2 (version 2.4.1) |
| PHP Version: | 5.2.4 | OS: | CENTOS 4 |
| Roadmaps: | (Not assigned) | ||
[2007-11-04 18:29 UTC] eadams
(Evan Adams)
Description:
------------
When calling quoteIdentifier() with a query that contains an email address the following error is generated:
MDB2 Error: syntax error
Test script:
---------------
$query = "SELECT * FROM user WHERE email = 'foo@bar.com'";
$mdb2->quoteIdentifier($query, True);
Expected result:
----------------
SELECT * FROM "user" WHERE "email" = 'foo@bar.com'
Actual result:
--------------
MDB2 Error: syntax error
Comments
[2007-11-04 18:35 UTC] eadams
(Evan Adams)
Sorry that should be
SELECT user.* FROM user WHERE user.email = 'foo@bar.com'
[2007-11-04 18:45 UTC] eadams
(Evan Adams)
Did some more testing
Ok it should return (using pgsql connection string)
SELECT "user".* FROM "user" WHERE "user"."email" = 'foo@bar.com'
Using mysql
SELECT 'user'.* FROM 'user' WHERE 'user'.'email' = 'foo@bar.com'
What it returns in both cases:
"SELECT user.* FROM user WHERE user.email = 'foo@bar.com'"
The syntax error was coming from trying to execute, so quoteIdentifier is just not properly parsing.
[2007-11-05 21:04 UTC] quipo
(Lorenzo Alberton)
quoteIdentifier() doesn't "parse" anything, you're using it incorrectly. It's supposed to quote an identifier, not all the identifiers within a string.
$query = "SELECT * FROM " . $mdb2->quoteIdentifier("user", true). " WHERE " . $mdb2->quoteIdentifier("user", true) .
" = " . $mdb2->quote('foo@bar.com', 'text');