
Fix: SQL escaping and bind naming

Open Meldiron opened this issue 3 years ago • 2 comments

We already do:

  • Wrap custom keys in ` symbols to prevent SQL syntax errors with dash symbols in attributes
  • Use a number instead of the key in the bind name, same reason as above

So for instance, with attribute name e-mail, ideally we would try to do the following:

WHERE tables_1.`e-mail` = :attribute_0

Notice the attribute key is inside ` symbols, and the bind name does not have the name but, instead, a number. This prevents all errors with running the statement later.


Problem is, this was not consistent - it was not applied in all places. This PR applies it everywhere.

  • [x] New tests added

Blocked by this PR: https://github.com/utopia-php/database/pull/175

Mongo is failing, but this should be resolved by the PR linked above

Meldiron avatar Oct 12 '22 06:10 Meldiron
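
The quoting and bind-naming scheme from the PR description above, as an added example that is not part of the original post or the project's code. Python's built-in sqlite3 (which accepts backtick-quoted identifiers) stands in for the database adapter; the function names and sample rows are constructed for illustration.

```python
import sqlite3


def quote_identifier(name: str) -> str:
    """Backtick-quote an identifier, doubling any embedded backtick."""
    if not name or "\x00" in name:
        raise ValueError("invalid identifier")
    return "`" + name.replace("`", "``") + "`"


def build_where(table: str, filters: dict) -> tuple[str, dict]:
    """Return (WHERE clause, bind map) using numbered bind names."""
    if not filters:
        return "", {}
    clauses, binds = [], {}
    for i, (attribute, value) in enumerate(filters.items()):
        bind = f"attribute_{i}"  # the number, never the attribute key
        column = f"{quote_identifier(table)}.{quote_identifier(attribute)}"
        clauses.append(f"{column} = :{bind}")
        binds[bind] = value  # values only ever travel as bound parameters
    return "WHERE " + " AND ".join(clauses), binds


def demo() -> list:
    """Query a constructed table whose column names contain dashes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE `tables_1` (`e-mail` TEXT, `first-name` TEXT)")
    db.execute("INSERT INTO `tables_1` VALUES ('a@example.test', 'Ann')")
    where, binds = build_where(
        "tables_1", {"e-mail": "a@example.test", "first-name": "Ann"}
    )
    return db.execute(f"SELECT `first-name` FROM `tables_1` {where}", binds).fetchall()


def naive_fails() -> bool:
    """The inconsistent form: unquoted key reused as the bind name."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE `tables_1` (`e-mail` TEXT)")
    try:
        # Parsed as `tables_1.e - mail = :e - mail`, so the statement is rejected.
        db.execute("SELECT * FROM tables_1 WHERE tables_1.e-mail = :e-mail", {"e-mail": "x"})
    except sqlite3.Error:
        return True
    return False
```
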

Mongo test is failing with new tests, looks like we have the same problem with dashes there.

Meldiron avatar Oct 12 '22 06:10 Meldiron

Related Issue:

  • https://github.com/appwrite/appwrite/issues/3600#issuecomment-1271752007?

stnguyen90 avatar Oct 12 '22 20:10 stnguyen90

@Meldiron Please fix the conflicts here and get the tests running, the blocking PR has been merged

abnegate avatar Jan 10 '23 07:01 abnegate

@abnegate updated, tests passing locally.

Meldiron avatar Jan 10 '23 09:01 Meldiron