not all fields escaped in php editor lib
Most fields are nicely escaped:
`regressiondb_store2db`.`IPSec_DataRate`.`Private_IP_Version` as 'regressiondb_store2db.IPSec_DataRate.Private_IP_Version'
But some fields are not escaped at all: the field names, db names and table names are not escaped in case there is a () in the field name.
regressiondb_store2db.IPSec_DataRate.Tunnel_Count(each-direction) as 'regressiondb_store2db.IPSec_DataRate.Tunnel_Count(each-direction)',
Below is the full result (debug) output:
{"fieldErrors":[],"error":"SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '(Gbps) as 'regressiondb_store2db.IPSec_DataRate.Throughput(Gbps)', `regressiondb' at line 1","data":[],"ipOpts":[],"cancelled":[],"debug":[{"query":"SELECT COUNT( `regressiondb_store2db`.`IPSec_DataRate`.`_rdb_id` ) as `cnt` FROM `regressiondb_store2db`.`IPSec_DataRate` LEFT JOIN `run` ON `run`.`id` = `regressiondb_store2db`.`IPSec_DataRate`.`_rdb_run_id` LEFT JOIN `regressRun` ON `regressRun`.`id` = `run`.`regressRun_id` LEFT JOIN `testbed` ON `regressRun`.`testbed_id` = `testbed`.`id` ","bindings":[]},{"query":"SELECT COUNT( `regressiondb_store2db`.`IPSec_DataRate`.`_rdb_id` ) as `cnt` FROM `regressiondb_store2db`.`IPSec_DataRate` ","bindings":[]},{"query":"SELECT `regressiondb_store2db`.`IPSec_DataRate`.`_rdb_id` as 'regressiondb_store2db.IPSec_DataRate._rdb_id', `regressiondb_store2db`.`IPSec_DataRate`.`_rdb_branch` as 'regressiondb_store2db.IPSec_DataRate._rdb_branch', `regressiondb_store2db`.`IPSec_DataRate`.`_rdb_test` as 'regressiondb_store2db.IPSec_DataRate._rdb_test', `regressiondb_store2db`.`IPSec_DataRate`.`_rdb_date` as 'regressiondb_store2db.IPSec_DataRate._rdb_date', `regressiondb_store2db`.`IPSec_DataRate`.`Frame_Size` as 'regressiondb_store2db.IPSec_DataRate.Frame_Size', `regressiondb_store2db`.`IPSec_DataRate`.`Auth` as 'regressiondb_store2db.IPSec_DataRate.Auth', `regressiondb_store2db`.`IPSec_DataRate`.`Encr` as 'regressiondb_store2db.IPSec_DataRate.Encr', regressiondb_store2db.IPSec_DataRate.Throughput(Gbps) as 'regressiondb_store2db.IPSec_DataRate.Throughput(Gbps)', `regressiondb_store2db`.`IPSec_DataRate`.`Tolerance` as 'regressiondb_store2db.IPSec_DataRate.Tolerance', `regressiondb_store2db`.`IPSec_DataRate`.`Phys_Topo` as 'regressiondb_store2db.IPSec_DataRate.Phys_Topo', `regressiondb_store2db`.`IPSec_DataRate`.`Sub_Topo` as 
'regressiondb_store2db.IPSec_DataRate.Sub_Topo', `regressiondb_store2db`.`IPSec_DataRate`.`Init_VFP_Count` as 'regressiondb_store2db.IPSec_DataRate.Init_VFP_Count', `regressiondb_store2db`.`IPSec_DataRate`.`Resp_VFP_Count` as 'regressiondb_store2db.IPSec_DataRate.Resp_VFP_Count', `regressiondb_store2db`.`IPSec_DataRate`.`Init_QAT_VF_Count` as 'regressiondb_store2db.IPSec_DataRate.Init_QAT_VF_Count', `regressiondb_store2db`.`IPSec_DataRate`.`Resp_QAT_VF_Count` as 'regressiondb_store2db.IPSec_DataRate.Resp_QAT_VF_Count', `regressiondb_store2db`.`IPSec_DataRate`.`Public_IP_Version` as 'regressiondb_store2db.IPSec_DataRate.Public_IP_Version', `regressiondb_store2db`.`IPSec_DataRate`.`Private_IP_Version` as 'regressiondb_store2db.IPSec_DataRate.Private_IP_Version', regressiondb_store2db.IPSec_DataRate.Tunnel_Count(each-direction) as 'regressiondb_store2db.IPSec_DataRate.Tunnel_Count(each-direction)', `regressiondb_store2db`.`IPSec_DataRate`.`Flexi_Params` as 'regressiondb_store2db.IPSec_DataRate.Flexi_Params', `regressiondb_store2db`.`IPSec_DataRate`.`Testbed` as 'regressiondb_store2db.IPSec_DataRate.Testbed', `regressiondb_store2db`.`IPSec_DataRate`.`Build` as 'regressiondb_store2db.IPSec_DataRate.Build', `regressRun`.`link` as 'regressRun.link', `testbed`.`ipAddr` as 'testbed.ipAddr', `testbed`.`name` as 'testbed.name' FROM `regressiondb_store2db`.`IPSec_DataRate` LEFT JOIN `run` ON `run`.`id` = `regressiondb_store2db`.`IPSec_DataRate`.`_rdb_run_id` LEFT JOIN `regressRun` ON `regressRun`.`id` = `run`.`regressRun_id` LEFT JOIN `testbed` ON `regressRun`.`testbed_id` = `testbed`.`id` LIMIT 50","bindings":[]}]}
This discussion has been closed.
Answers
This is correct - if there are parentheses in the text, the libraries intentionally do not escape the field. Instead they assume that you plan to execute a function.
I'm afraid the libraries do not currently support a parenthesis in the column names of the database tables.
Allan
Is there a way we can disable the auto-escaping and do the escaping on our own?
That would be a solution for my problems.
No - sorry. The link I gave above is where you would need to modify the code if you wanted to do so, but there isn't an external API to do it. You'd need to modify the code directly.
Allan
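The behaviour discussed in this thread, modelled as an added example that is not the Editor library's code: a heuristic that passes any name containing parentheses through unquoted, next to MySQL/MariaDB identifier quoting applied to each part of the path. All function names are hypothetical; the field names are taken from the debug output above.

```php
<?php
// Added illustration only; none of these functions exist in the Editor PHP libraries.

// Model of the behaviour described in the answer: a name containing
// parentheses is assumed to be a SQL function call and is emitted as-is.
function quoteFieldHeuristic(string $field): string
{
    if (strpbrk($field, '()') !== false) {
        return $field; // unquoted: this is what reaches the server and fails to parse
    }
    return quoteIdentifierPath(explode('.', $field));
}

// Quote each part of a db/table/column path for MySQL/MariaDB: wrap it in
// backticks and double any embedded backtick. The caller passes the parts
// separately, so no guessing is needed about where one name ends.
function quoteIdentifierPath(array $parts): string
{
    $quoted = [];
    foreach ($parts as $part) {
        if (!is_string($part) || $part === '' || strpos($part, "\0") !== false) {
            throw new InvalidArgumentException('Invalid identifier part');
        }
        $quoted[] = '`' . str_replace('`', '``', $part) . '`';
    }
    return implode('.', $quoted);
}

// One SELECT-list entry. The alias is written as a quoted identifier here
// (an assumption of this example; the debug output uses a string literal).
function selectExpr(array $parts): string
{
    return quoteIdentifierPath($parts) . ' AS ' . quoteIdentifierPath([implode('.', $parts)]);
}

$db = 'regressiondb_store2db';
$table = 'IPSec_DataRate';

// Plain column: the heuristic quotes all three parts.
echo quoteFieldHeuristic("$db.$table.Private_IP_Version"), "\n";
// Column with parentheses: the heuristic returns it unquoted.
echo quoteFieldHeuristic("$db.$table.Throughput(Gbps)"), "\n";
// Quoting per part treats the parentheses as ordinary name characters.
echo selectExpr([$db, $table, 'Throughput(Gbps)']), "\n";
echo selectExpr([$db, $table, 'Tunnel_Count(each-direction)']), "\n";
```

Because the unquoted path is concatenated into the statement verbatim, field names handed to such a builder should come from a fixed list in server-side code, not from request data.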