quoteIdentifier() & quoteIdentifierChain() bug#2670
Conversation
Identifier escaping is done means of doubling the delimiter character, and not using a backslash.
|
Thats a good catch, can you link the place in the mysql manual that talks about this? Also, any chance you can update the tests associated with https://github.com/zendframework/zf2/blob/master/tests/ZendTest/Db/Adapter/Platform/MysqlTest.php |
|
http://dev.mysql.com/doc/refman/5.6/en/identifiers.html Section that starts with "Identifier quote characters can be included within an identifier if you quote the identifier." Also it's not clear what quoteIdentifierInFragment() should be doing. The preg_split() doesn't take into account ` marks in identifiers. IMHO it's a horrid function and should be deprecated/removed. |
|
Also want to look at the SQL Server identifier quoting as that is wrong. Should be doubling any closing bracket. |
The part of me that favors strictness over usability agrees with you. On the other hand, the not-so-strictly typed PHP developer in me understands that in some workflows, you want your components to help you get a project done over getting in your way while doing it. The art in balancing strictness and usefulness. At times, a developer might just want to say "take this and quote it for me". The this I am referring to might be foo AS barThe place where this is used is primarily inside If you have a better idea, I am all ears. If you want to avoid this function, then use Expression objects everywhere. There you get full control over quoting. You can see some of the various Select unit tests where this is used: (see the m = n) https://github.com/zendframework/zf2/blob/master/tests/ZendTest/Db/Sql/SelectTest.php#L586 I'll try to merge this in as soon as I can. |
Identifier escaping is done means of doubling the delimiter character, and not using a backslash.