Closed (duplicate)
Project:
Data
Version:
7.x-1.x-dev
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
10 Feb 2012 at 21:40 UTC
Updated:
22 Jan 2014 at 15:23 UTC
Jump to comment: Most recent
If you are unfortunate enough to use a MySQL reserved keyword as a column name when creating a table, the column is added, but all further interaction with the field breaks (see eg. http://blog.ericlamb.net/2009/07/mysql-reserved-keywords/). This is unsurprising, as db_query() doesn't check for reserved queries and escape them with backticks.
If the UI is intended for more general use (rather than technical programmers) then should we validate column names against the keywords list (http://dev.mysql.com/doc/mysqld-version-reference/en/mysqld-version-refe...)?
Comments
Comment #1
joachim commentedAgreed, column names should be checked and reserved words rejected.
Moving to 7.x branch.
Comment #2
joachim commentedDuplicate of #2028453: Check reserved words in MySQL (or other databases) in data_safe_name.