[MDEV-6508] Missing escaping in SELECT ROUTINE_BODY FROM I_S.ROUTINES Created: 2014-07-30 Updated: 2022-09-12 Resolved: 2022-09-12 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | OTHER |
| Affects Version/s: | 5.5.36-galera, 5.3.12, 10.0.12 |
| Fix Version/s: | N/A |
| Type: | Bug | Priority: | Minor |
| Reporter: | Alexander Barkov | Assignee: | Alexander Barkov |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | None | ||
| Description |
|
SHOW CREATE FUNCTION displays correctly escaped double quotes and backslashes in string literals. I_S.ROUTINES.ROUTINE_BODY displays unescaped values, which looks wrong. This SQL script demonstrates the problem:
The output from SHOW is:
The output from SELECT is:
ROUTINE_DEFINITION should also display escaped values. |
| Comments |
| Comment by Sergei Golubchik [ 2014-08-05 ] | ||||||||||
|
This is expected behavior. I_S.ROUTINES table shows the routine definition in the UTF8 character set. It is generally impossible to represent a definition of the arbitrary routine in the UTF8. Thus the purpose of the I_S.ROUTINES.ROUTINE_DEFINITION column is to provide a user-readable representation of the routine definition, but it may not always be used to recreate the routine and won't necessarily be valid SQL. For the latter one should use SHOW CREATE FUNCTION. But its output won't necessarily be in any specific character set. | ||||||||||
| Comment by Alexander Barkov [ 2014-08-05 ] | ||||||||||
|
Right, the purpose of I_S.ROUTINES is not to give a valid SQL code. Note, among other dangerous characters, '\0' is also not escaped! Although it's probably not very important, but still, this IS a bug. | ||||||||||
| Comment by Alexander Barkov [ 2015-03-26 ] | ||||||||||
|
A similar problem happens with binary strings.
returns:
| ||||||||||
| Comment by Sergei Golubchik [ 2022-09-12 ] | ||||||||||
|
10.0 was EOLed in March 2019 |