sql-parser
sql-parser copied to clipboard
Inline comments improperly removed during query
Describe the bug
The query:
select * from /*!i*/nformation_schema.tables;
Executes as if it were:
select * from information_schema.tables;
This is improper.
Expected behavior
MySQL and MariaDB return an error message, this is probably the most expected result. Perhaps a syntax error should be generated from the parser.
Server configuration
- Operating system: Debian
- Web server: Apache
- Database version: MariaDB 10.4.10
- PHP version: 7.4
- phpMyAdmin version: 5.0.0
Client configuration
- Browser: Firefox
- Operating system: MacOS
This was originally reported by email.
Note that this does not circumvent existing access controls; it cannot be used to escalate privileges.
Can I work on this?
@thesmallstar Yes, but you will maybe need to do changes on https://github.com/phpmyadmin/sql-parser/tree/QA
@williamdes okay thank you :)
Working on this.
I've looked into the problem and I think adding a space after the comment token in the SQL parser would solve the problem. @ibennetch what do you think?