Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
10.1(EOL)
-
None
Description
When performing queries like the one in get_table_structure(), that make use of schema object names as strings for equality comparison, we must make sure to format the string so as to escape any characters that might affect the query.
Query:
const char *show_fields_stmt= "SELECT `COLUMN_NAME` AS `Field`, " |
"`COLUMN_TYPE` AS `Type`, " |
"`IS_NULLABLE` AS `Null`, " |
"`COLUMN_KEY` AS `Key`, " |
"`COLUMN_DEFAULT` AS `Default`, " |
"`EXTRA` AS `Extra`, " |
"`COLUMN_COMMENT` AS `Comment` " |
"FROM `INFORMATION_SCHEMA`.`COLUMNS` WHERE " |
"TABLE_SCHEMA = '%s' AND TABLE_NAME = '%s'"; |
|
|
/* ... snip ... */ |
/* This needs to quote the identifiers db and table. quote_for_equal() does the job. */ |
my_snprintf(query_buff, sizeof(query_buff), show_fields_stmt, db, table);
|
CC: serg