sql-parser icon indicating copy to clipboard operation
sql-parser copied to clipboard

Inline comments improperly removed during query

Open ibennetch opened this issue 5 years ago • 6 comments

Describe the bug

The query: select * from /*!i*/nformation_schema.tables;

Executes as if it were: select * from information_schema.tables;

This is improper.

Expected behavior

MySQL and MariaDB return an error message, this is probably the most expected result. Perhaps a syntax error should be generated from the parser.

Server configuration

  • Operating system: Debian
  • Web server: Apache
  • Database version: MariaDB 10.4.10
  • PHP version: 7.4
  • phpMyAdmin version: 5.0.0

Client configuration

  • Browser: Firefox
  • Operating system: MacOS

This was originally reported by email.

ibennetch avatar Jan 08 '20 03:01 ibennetch

Note that this does not circumvent existing access controls; it cannot be used to escalate privileges.

ibennetch avatar Jan 08 '20 03:01 ibennetch

Can I work on this?

thesmallstar avatar Jan 13 '20 12:01 thesmallstar

@thesmallstar Yes, but you will maybe need to do changes on https://github.com/phpmyadmin/sql-parser/tree/QA

williamdes avatar Jan 13 '20 12:01 williamdes

@williamdes okay thank you :)

thesmallstar avatar Jan 15 '20 09:01 thesmallstar

Working on this.

shucon avatar Nov 06 '20 20:11 shucon

I've looked into the problem and I think adding a space after the comment token in the SQL parser would solve the problem. @ibennetch what do you think?

shucon avatar Nov 07 '20 12:11 shucon