[Bug 40959] New: DatabaseMysql::addIdentifierQuotes() is implemented incorrectly

bugzilla-daemon Thu, 11 Oct 2012 08:09:59 -0700

https://bugzilla.wikimedia.org/show_bug.cgi?id=40959


       Web browser: ---
             Bug #: 40959
           Summary: DatabaseMysql::addIdentifierQuotes() is implemented
                    incorrectly
           Product: MediaWiki
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: Database
        AssignedTo: [email protected]
        ReportedBy: [email protected]
    Classification: Unclassified
   Mobile Platform: ---


Currently DatabaseMysql::addIdentifierQuotes() uses mysql_real_escape_string()
via strencode() but that is incorrect, as mysql_real_escape_string() does not
escape backticks (`).

See:

http://dev.mysql.com/doc/refman/5.6/en/identifiers.html

Section that starts with "Identifier quote characters can be included within an
identifier if you quote the identifier."

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 40959] New: DatabaseMysql::addIdentifierQuotes() is implemented incorrectly

Reply via email to