Closed (fixed)
Project:
Drupal core
Version:
8.0.x-dev
Component:
database system
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Issue tags:
Reporter:
Created:
3 Apr 2014 at 13:54 UTC
Updated:
28 Oct 2014 at 09:14 UTC
Jump to comment: Most recent, Most recent file
Comments
Comment #1
danblack commentednow includes test cases.
Comment #2
sunThere's a Schema-related test addition in this patch, but not a query related test?
Comment #3
danblack commentedfixed patch to just handle default value. Includes testes for schema creation and altering a column definitions. After this #710940: Support for BINARY and VARBINARY in Database Schema should pass.
I'll leave field quoting for #281058: Schema API: properly quote column names.
Comment #4
danblack commentedComment #5
sunSorry, now I'm even more confused...
You removed all the changes to schema related classes, but you kept the schema related test addition... (?)
I think this patch should convert everything to use
quote()(as in #1). Or is there a special reason for why not?My comment in #2 only asked for non-schema, but query-related test coverage. There is already some test coverage for quoting values, but the change to
quote()might introduce new cases?In other words, #1 looked pretty good to me. #281058: Schema API: properly quote column names appears to be a stone-age issue, which I'd rather mark as duplicate... I think this issue should cover all instances that need to be fixed.
(That said, I'm not a database system maintainer, so I don't know why the current code doesn't use
PDO::quote()...)Comment #6
danblack commented#1 didn't work on postgresql. Maybe I needed to change the quoting style. quote worked perfectly well on values. I suspect fields need to be handled differently.
There are two bits to the test:
I'm having trouble differentiation what you mean by which tests are schema and which are query.
"I don't know why the current code doesn't use PDO::quote()...)"
I suspect because has strict rules about column names, indexes so quoting isn't required.
Comment #7
danblack commentedcolumn names appear to be tricky and doesn't use quote.
Comment #8
bzrudi71 commentedAdded #1600670: Cannot query Postgres database that has column names with capital letters which seems related.
Comment #9
danblack commentedfor escaping fields there is Connection::escape_field (which could be overwritten by the Driver/pgsql/Connection class if desired) however they seem inconsistently applied.
I came across the incorrect escaping of default values when writing the improvements #710940: Support for BINARY and VARBINARY in Database Schema where I discovered other manually quoted fields. Data values should be quoted with PDO::quote however fields should be quoted as per ANSI standard comment #7. I'd rather focus on other performance problems rather than do two different kind of fixes in the same patch.
Comment #10
sunAll code in a class name containing "schema" is database schema related. Everything else lives in other classes (that may have "query" in their name, but not necessarily).
But I just recognized that I wrongly interpreted the patch, and you're still changing schema code only. The only difference between #1 and #3 appears to be that you removed quoting for field identifiers, only quoting values.
That's correct, see http://php.net/manual/en/pdo.quote.php (+ user comments). PDO::quote() is only meant for values, not fields/identifiers.
That said, there's an interesting user comment that says that
quote()turns NULL into '' (possibly when not specifying custom PDO::PARAM_* constants) — does that affect our usage? Let's check whether there is a test for that, and if not, we might need to add one?Comment #11
sunForgot that I wanted to attach interdiff between #1 and #3.
Comment #12
danblack commented> That said, there's an interesting user comment that says that quote() turns NULL into ''
Conversion using quote is only done after a is_string(x) test.
> (possibly when not specifying custom PDO::PARAM_* constants) — does that affect our usage? Let's check whether there is a test for that, and if not, we might need to add one?
not currently. it passes tests on sqlite, pgsql and mysql. That doesn't rule out future improvements could be done in this respect.
Comment #13
sunThanks for the clarifications. I think this patch makes sense.
Comment #15
sun3: quote.patch queued for re-testing.
Comment #16
sunTestbot fluke. (Out of disk space, it seems)
Comment #17
alexpottCommitted 0231d35 and pushed to 8.x. Thanks!
Comment #20
danblack commentedmissed handling of NULL defaults and one more instance where quotes didn't use pdo->quote.
Comment #21
sunNo need to add a "private" method underscore prefix here.
Also, MySQL's Schema class contains the same code, so why don't we move this helper method into the base Schema class?
Comment #22
danblack commentedthanks for the review.
Comment #23
danblack commentedminor correction
Comment #24
sunErroneous newline.
Should start with a third-person verb and end with a period.
Either of type mixed or string|null if those are the only possible values at this point.
Always appears to be of type string?
Comment #25
danblack commentedor int/float if that's what was passed in.
Comment #26
stefan.r commentedComment #27
stefan.r commented23: quote_default_null.patch queued for re-testing.
(#25 is somehow still queued but as noted in the interdiff #23 is the same except for comments and whitespace.)
Comment #29
stefan.r commentedre-roll
Comment #31
danblack commentedthanks for the re-roll @stefan.r
Comment #33
bzrudi71 commentedPatch still applies, works and seems like a nice cleanup also.
Comment #34
alexpottCommitted cfd30d6 and pushed to 8.0.x. Thanks!