Changeset:
7600498849d9
https://sourceforge.net/p/mrbs/hg-code/ci/7600498849d9dd8a72d706874934a8927674b0c7
Author:
Campbell Morrison <[email protected]>
Date:
Sat Dec 05 15:38:01 2015 +0000
Log message:
Added quoting of the table name in a qualified identifier to sql_quote().
diffstat:
web/dbsys.inc | 2 ++
web/mysqli.inc | 22 ++++------------------
web/pgsql.inc | 34 ++++++++++++++++------------------
3 files changed, 22 insertions(+), 36 deletions(-)
diffs (92 lines):
diff -r bfe364ee42a8 -r 7600498849d9 web/dbsys.inc
--- a/web/dbsys.inc Fri Dec 04 13:24:16 2015 +0000
+++ b/web/dbsys.inc Sat Dec 05 15:38:01 2015 +0000
@@ -84,6 +84,8 @@
// Quote a table or column name
+// NOTE: In PostgreSQL the identifier is also converted to lower case. See
+// the comments in pgsql.inc for an explanation.
function sql_quote($identifier)
{
global $dbsys;
diff -r bfe364ee42a8 -r 7600498849d9 web/mysqli.inc
--- a/web/mysqli.inc Fri Dec 04 13:24:16 2015 +0000
+++ b/web/mysqli.inc Sat Dec 05 15:38:01 2015 +0000
@@ -50,26 +50,12 @@
}
-// Quote a table or column name
+// Quote a table or column name (which could be a qualified identifier, eg
'table.column')
function sql_mysqli_quote($identifier)
{
- // Don't quote the alias, if there is one
- if (strpos($identifier, '.') === FALSE)
- {
- $column = $identifier;
- }
- else
- {
- list($alias, $column) = explode('.', $identifier, 2);
- }
-
- $result = '`' . $column . '`';
- if (isset($alias))
- {
- $result = $alias . '.' . $result;
- }
-
- return $result;
+ $quote_char = '`';
+ $parts = explode('.', $identifier);
+ return $quote_char . implode($quote_char . '.' . $quote_char, $parts) .
$quote_char;
}
diff -r bfe364ee42a8 -r 7600498849d9 web/pgsql.inc
--- a/web/pgsql.inc Fri Dec 04 13:24:16 2015 +0000
+++ b/web/pgsql.inc Sat Dec 05 15:38:01 2015 +0000
@@ -79,26 +79,24 @@
}
-// Quote a table or column name
+// Quote a table or column name (which could be a qualified identifier, eg
'table.column')
+
+// NOTE: We fold the identifier to lower case here even though it is quoted.
Unlike MySQL,
+// PostgreSQL folds identifiers to lower case, unless they are quoted.
However in MRBS we
+// normally want to quote an identifier in case it has characters such as
spaces in it, as
+// could be the case with user generated column names for custom fields. But
if we were also
+// to quote the table name, then queries such as 'SELECT * FROM mrbs_entry E
WHERE "E"."id"=2'
+// would fail because the alias 'E' is folded to 'e', but the WHERE clause
gives 'E.id'.
+// This means that we won't be able to distiguish in PostgreSQL between column
names that just
+// differ in case. But having column names differing in case would be
confusing anyway and so
+// should be discouraged. And a PostgreSQL user generating custom fields
would expect them to
+// be folded to lower case anyway, so presumably wouldn't try and create
column names differing
+// only in case.
function sql_pgsql_quote($identifier)
{
- // Don't quote the alias, if there is one
- if (strpos($identifier, '.') === FALSE)
- {
- $column = $identifier;
- }
- else
- {
- list($alias, $column) = explode('.', $identifier, 2);
- }
-
- $result = '"' . $column . '"';
- if (isset($alias))
- {
- $result = $alias . '.' . $result;
- }
-
- return $result;
+ $quote_char = '"';
+ $parts = explode('.', strtolower($identifier));
+ return $quote_char . implode($quote_char . '.' . $quote_char, $parts) .
$quote_char;
}
------------------------------------------------------------------------------
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140
_______________________________________________
Mrbs-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mrbs-commits
