comanage-dev - Re: [comanage-dev] CO-1441 escape or avoid reserved SQL words ?
Subject: COmanage Developers List
List archive
- From: Benn Oshrin <>
- To: Tom Zeller <>
- Cc:
- Subject: Re: [comanage-dev] CO-1441 escape or avoid reserved SQL words ?
- Date: Wed, 7 Jun 2017 08:47:54 -0400
- Ironport-phdr: 9a23:fBls3hdvMam7atPD8nknQHjBlGMj4u6mDksu8pMizoh2WeGdxcS8Yh7h7PlgxGXEQZ/co6odzbGH7Oa+ACddvN6oizMrSNR0TRgLiMEbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpTEdFQ/iOgVrO+/7BpDdj9it1+C15pbffxhEiCCzbL52Lhi6twTcutQZjYZiKqs61wfErGZPd+lK321jOEidnwz75se+/Z5j9zpftvc8/MNeUqv0Yro1Q6VAADspL2466svrtQLeTQSU/XsTTn8WkhtTDAfb6hzxQ4r8vTH7tup53ymaINH2QLUpUjms86tnVBnlgzocOjUn7G/YlNB/jKNDoBKguRN/xZLUYJqIP/Z6Z6/RYM8WSXZEUstXSidPAJ6zb5EXAuQcI+hYoYnzqVgAoxSwCgajBv/gxDBTi3/q36A3yfgtHR3I0QEiGd8FrXTarM/yNKcXSe240bfHzTPFb/hLwDn984jIcgogofGKQLl9dtHexlcpFwPDiVWdso3lPzWJ1usTqWib6fRvVf6xh2I9tQ5+vyWvy94qh4LUiIwVzVXE+j94wIYzPdC4TU56YcW9EJtUrS2VK4x2QsYkTmp1uyg60qULtYCncCUJ0pgqwxzSZ+aaf4WG/B7vTvidLSt7iX59dr+yhAy+/VW+xuDyTMW4zVhHoytfntXStn0A2Bre4dWdRPRn5EeuwzOP2hjT6u5aJUA0krLWK54mwr41l5ocr0HDETX3mEXylaOZbEEp9+yy5+ToeLnpu4WcOJFuhQH7MqQunde/AfgiPgcSWGib/Pyw1Lzl/ULnXLVHluM6nrXavZzAIckWpLS1DxJb34o98RqzESuq3dcAkXkCNl1FeRaHj4bzO1HJJfD1FeywjEqqkDdtwPDLJbzhApPRLnfdirfhe6hy61JCxAYp099Q+o9UBqkbIP3vQk/xqMDYDhghPgOoxObnDc9y1oUEVmKAHKCVKb7dvkGW5u80J+mMZZQVuCrmK/Q7/fLujHk5mUMDcqmz25sYdmy4Eup8L0qHfHXsn4RJLWBfgg07BN7njFmPS3YHe2S/W6Yx/BkgEIKrF4bIT4Smh6OOxiCmBttdYWUQWX6WFnK9XYiCXb8rcyKII8kpxjYJU76mY44nyRy0sgLmkfxqIveCqX5Qjo7qyNUgv76brho17zEhSp3Fi2w=
Cake 3 has a quoteIdentifier() function on the database driver that does
that, but Cake 2 does not appear to have an equivalent. As such, for now
I don't think we can quote keywords since we don't want to hack around
in the core code. We should file a JIRA for FUTURE and have it depend on
CO-1073.
That leaves us with two options:
(1) Maintain a list of reserved keywords and write a custom validator.
(2) Update the documentation to say "don't use a reserved keyword".
Maybe also put a note in the appropriate form field.
I'm inclined to go with (2). This is an edge case.
It appeared CO-1441 actually had a second issue (table already exists)
reported? Or maybe that got covered by a separate ticket?
Thanks,
-Benn-
On 6/5/17 5:26 PM, Tom Zeller wrote:
> It looks like the fundamental error in CO-1441 is attempting to create
> a column whose name is a reserved SQL word (in MySQL) : 'int1'.
>
> One fix is to escape the column name / reserved word. Another is to
> dis-allow reserved words.
>
> Anyone know if there is a db-agnostic function in PHP or CakePHP for
> escaping SQL strings ?
>
> I see mysqli->real_escape_string() and pg_escape_string(), but
> obviously those are db-specific.
>
> Thanks !
> Tom
>
> https://dev.mysql.com/doc/refman/5.5/en/keywords.html
>
- [comanage-dev] CO-1441 escape or avoid reserved SQL words ?, Tom Zeller, 06/05/2017
- Re: [comanage-dev] CO-1441 escape or avoid reserved SQL words ?, Benn Oshrin, 06/07/2017
- Re: [comanage-dev] CO-1441 escape or avoid reserved SQL words ?, Tom Zeller, 06/08/2017
- Re: [comanage-dev] CO-1441 escape or avoid reserved SQL words ?, Tom Zeller, 06/08/2017
- Re: [comanage-dev] CO-1441 escape or avoid reserved SQL words ?, Tom Zeller, 06/08/2017
- Re: [comanage-dev] CO-1441 escape or avoid reserved SQL words ?, Benn Oshrin, 06/07/2017
Archive powered by MHonArc 2.6.19.