Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-8248

mysqldump incorrect identifier quoting during equality comparison

    XMLWordPrintable

    Details

      Description

      When performing queries like the one in get_table_structure(), that make use of schema object names as strings for equality comparison, we must make sure to format the string so as to escape any characters that might affect the query.

      Query:

        const char *show_fields_stmt= "SELECT `COLUMN_NAME` AS `Field`, "
                                      "`COLUMN_TYPE` AS `Type`, "
                                      "`IS_NULLABLE` AS `Null`, "
                                      "`COLUMN_KEY` AS `Key`, "
                                      "`COLUMN_DEFAULT` AS `Default`, "
                                      "`EXTRA` AS `Extra`, "
                                      "`COLUMN_COMMENT` AS `Comment` "
                                      "FROM `INFORMATION_SCHEMA`.`COLUMNS` WHERE "
                                      "TABLE_SCHEMA = '%s' AND TABLE_NAME = '%s'";
       
          /* ... snip ... */
          /* This needs to quote the identifiers db and table. quote_for_equal() does the job. */
          my_snprintf(query_buff, sizeof(query_buff), show_fields_stmt, db, table);

        Attachments

          Activity

            People

            Assignee:
            cvicentiu Vicențiu Ciorbaru
            Reporter:
            cvicentiu Vicențiu Ciorbaru
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: