Doctrine 2 - ORM
  1. Doctrine 2 - ORM
  2. DDC-1919

Doctrine fails to escape entity with reserved name in various situations

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Invalid
    • Affects Version/s: 2.2
    • Fix Version/s: 2.3, Git Master
    • Component/s: None
    • Security Level: All
    • Labels:
      None
    • Environment:
      MySQL

      Description

      I have submitted a PR here, fixing part of this issue: https://github.com/doctrine/dbal/pull/166

      However, it fails when UPDATE or INSERT is used. I'm using a very simple, and common, entity name: Group. Doctrine is failing to escape this in various situations, causing queries to fail in MySQL due to reserved keywords.

        Activity

        Hide
        Marco Pivetta added a comment -

        This is not a hack... In ORM, "`" is not the MySQL identifier quote. It is exactly thought as a character with which you tell the ORM that the identifier should be quoted.
        The default strategy does make use of it, so please use it.

        Show
        Marco Pivetta added a comment - This is not a hack... In ORM, "`" is not the MySQL identifier quote. It is exactly thought as a character with which you tell the ORM that the identifier should be quoted. The default strategy does make use of it, so please use it.
        Hide
        Marco Pivetta added a comment -

        Also, we won't collect the SQL reserved keywords, nor we can know what keywords are used in all vendors. The patch for the quoting strategy was exactly thought to allow end users to use insecure names for their objects/fields/indexes/etc but without having the ORM implement those checks for them (since it would just be messy and too "magic").

        Please also reconsider your pull request on github too ( DBAL-298 ).

        I'm closing this one

        Show
        Marco Pivetta added a comment - Also, we won't collect the SQL reserved keywords, nor we can know what keywords are used in all vendors. The patch for the quoting strategy was exactly thought to allow end users to use insecure names for their objects/fields/indexes/etc but without having the ORM implement those checks for them (since it would just be messy and too "magic"). Please also reconsider your pull request on github too ( DBAL-298 ). I'm closing this one
        Hide
        Klaus Silveira added a comment -

        Then what's the purpose of Doctrine\DBAL\Platforms\Keywords\MySQLKeywords?

        Show
        Klaus Silveira added a comment - Then what's the purpose of Doctrine\DBAL\Platforms\Keywords\MySQLKeywords?
        Hide
        Marco Pivetta added a comment -

        Klaus Silveira not sure, but it isn't used in ORM.

        Show
        Marco Pivetta added a comment - Klaus Silveira not sure, but it isn't used in ORM.
        Hide
        Benjamin Eberlei added a comment -

        A related Github Pull-Request [GH-166] was closed
        https://github.com/doctrine/dbal/pull/166

        Show
        Benjamin Eberlei added a comment - A related Github Pull-Request [GH-166] was closed https://github.com/doctrine/dbal/pull/166

          People

          • Assignee:
            Benjamin Eberlei
            Reporter:
            Klaus Silveira
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: