keyword "connection" needs to be protected in sql query otherwise it causes sql errors (at least with MySQL 5.0.32 here). See attached patch...

CommentFileSizeAuthor
#6 tw-ticks.patch762 bytesrobertdouglass
#3 backticks.patch7.87 KBrobertdouglass
#1 connection.patch5.4 KBmathieu
connection.patch3.62 KBmathieu

Comments

mathieu’s picture

mathieu commented
StatusFileSize
new connection.patch5.4 KB

Forgot a few, new patch.

robertdouglass’s picture

robertdouglass commented

Yes, and this has to be extended to code like this:

$sql = 'SELECT MIN(' . tw_quote_column($colname) . ') FROM `{' . $tablename . '}`';

It can happen that the $tablename is also a reserved word. For example, I ran into:

SELECT MIN(blah) FROM grant;

robertdouglass’s picture

robertdouglass commented
StatusFileSize
new backticks.patch7.87 KB

Rerolled and added backticks for issue in #2. Agree that this is a critical issue.

mikeryan’s picture

mikeryan
he/him
Primary language English
Location Pittsfield, MA, USA
commented
Assigned: mathieu » mikeryan
Status: Needs review » Needs work

It's just too gross to call tw_quote_column() on all those queries... I'm going to rename the field (say, to dbconnection), the code will be much cleaner.

mikeryan’s picture

mikeryan
he/him
Primary language English
Location Pittsfield, MA, USA
commented
Status: Needs work » Fixed

OK, I've committed fixes:

  • connection renamed to dbconnection
  • tw_quote_column() renamed to tw_quote_identifier()
  • tw_quote_identifier() applied to table names

Thanks!

robertdouglass’s picture

robertdouglass commented
Status: Fixed » Needs review
StatusFileSize
new tw-ticks.patch762 bytes

Here's another place.

mikeryan’s picture

mikeryan
he/him
Primary language English
Location Pittsfield, MA, USA
commented
Status: Needs review » Fixed

Committed, thanks!

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.