Doctrine 2 - ORM
  1. Doctrine 2 - ORM
  2. DDC-1919

Doctrine fails to escape entity with reserved name in various situations

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Invalid
    • Affects Version/s: 2.2
    • Fix Version/s: 2.3, Git Master
    • Component/s: None
    • Security Level: All
    • Labels:
      None
    • Environment:
      MySQL

      Description

      I have submitted a PR here, fixing part of this issue: https://github.com/doctrine/dbal/pull/166

      However, it fails when UPDATE or INSERT is used. I'm using a very simple, and common, entity name: Group. Doctrine is failing to escape this in various situations, causing queries to fail in MySQL due to reserved keywords.

        Activity

        Hide
        Marco Pivetta added a comment - - edited

        Can you try using the quoting strategy in master? By defining an '@Table(name="`Group`")' on your entity you should be able to fix this issue by yourself... Anyway, this is only available in latest master.
        Please give it a try and let us know.

        Show
        Marco Pivetta added a comment - - edited Can you try using the quoting strategy in master? By defining an '@Table(name="`Group`")' on your entity you should be able to fix this issue by yourself... Anyway, this is only available in latest master. Please give it a try and let us know.
        Hide
        Klaus Silveira added a comment -

        That hack, of course, fixes the problem. However, Doctrine is failing to escape entities with reserved keywords in various different situations and this should be a major problem, specially since there are many keywords that are common table names. Having to change the table name or escape the table name manually is not the best solution.

        I have look through the code but could not find out why getQuotedTableName() is failing to quote the table name "Group". I fixed the other problem, involving schema creation, but this one i couldn't fix. That's why i'm opening the issue, hoping someone with more experience in the ORM codebase manages to fix it.

        Show
        Klaus Silveira added a comment - That hack, of course, fixes the problem. However, Doctrine is failing to escape entities with reserved keywords in various different situations and this should be a major problem, specially since there are many keywords that are common table names. Having to change the table name or escape the table name manually is not the best solution. I have look through the code but could not find out why getQuotedTableName() is failing to quote the table name "Group". I fixed the other problem, involving schema creation, but this one i couldn't fix. That's why i'm opening the issue, hoping someone with more experience in the ORM codebase manages to fix it.
        Hide
        Marco Pivetta added a comment -

        Klaus Silveira, doctrine won't quote (at least with the default strategy) a table called "Group". The default strategy will look for the sorrounding "`" ("`Group`").
        Is it still failing to quote something in latest master? Can you write a simple example of a failure you are getting?

        Show
        Marco Pivetta added a comment - Klaus Silveira , doctrine won't quote (at least with the default strategy) a table called "Group". The default strategy will look for the sorrounding "`" ("`Group`"). Is it still failing to quote something in latest master? Can you write a simple example of a failure you are getting?
        Hide
        Klaus Silveira added a comment -

        The failure is caused when querying anything related to an entity wich it's name is a reserved keyword, for example, an entity called "Group". I expected Doctrine to quote such table names.

        Show
        Klaus Silveira added a comment - The failure is caused when querying anything related to an entity wich it's name is a reserved keyword, for example, an entity called "Group". I expected Doctrine to quote such table names.
        Hide
        Marco Pivetta added a comment -

        Klaus Silveira did you put an @Table(name="`Group`") in it?

        Show
        Marco Pivetta added a comment - Klaus Silveira did you put an @Table(name="`Group`") in it?
        Hide
        Marco Pivetta added a comment -

        Please note that

        Unable to find source-code formatter for language: php. Available languages are: actionscript, html, java, javascript, none, sql, xhtml, xml
        @Table(name="Group")

        and

        Unable to find source-code formatter for language: php. Available languages are: actionscript, html, java, javascript, none, sql, xhtml, xml
        @Table(name="`Group`")

        are quite different. That's why I'm asking

        Show
        Marco Pivetta added a comment - Please note that Unable to find source-code formatter for language: php. Available languages are: actionscript, html, java, javascript, none, sql, xhtml, xml @Table(name= "Group" ) and Unable to find source-code formatter for language: php. Available languages are: actionscript, html, java, javascript, none, sql, xhtml, xml @Table(name= "`Group`" ) are quite different. That's why I'm asking
        Hide
        Klaus Silveira added a comment -

        As i said, that hack fixes the problem. But i don't believe that having to change the table name or escape the table name manually is the best solution. Doctrine should be doing that transparently, as it does for other situations (such as during schema creation). Why not during all other operations? Makes no sense at all.

        Show
        Klaus Silveira added a comment - As i said, that hack fixes the problem. But i don't believe that having to change the table name or escape the table name manually is the best solution. Doctrine should be doing that transparently, as it does for other situations (such as during schema creation). Why not during all other operations? Makes no sense at all.
        Hide
        Marco Pivetta added a comment -

        This is not a hack... In ORM, "`" is not the MySQL identifier quote. It is exactly thought as a character with which you tell the ORM that the identifier should be quoted.
        The default strategy does make use of it, so please use it.

        Show
        Marco Pivetta added a comment - This is not a hack... In ORM, "`" is not the MySQL identifier quote. It is exactly thought as a character with which you tell the ORM that the identifier should be quoted. The default strategy does make use of it, so please use it.
        Hide
        Marco Pivetta added a comment -

        Also, we won't collect the SQL reserved keywords, nor we can know what keywords are used in all vendors. The patch for the quoting strategy was exactly thought to allow end users to use insecure names for their objects/fields/indexes/etc but without having the ORM implement those checks for them (since it would just be messy and too "magic").

        Please also reconsider your pull request on github too ( DBAL-298 ).

        I'm closing this one

        Show
        Marco Pivetta added a comment - Also, we won't collect the SQL reserved keywords, nor we can know what keywords are used in all vendors. The patch for the quoting strategy was exactly thought to allow end users to use insecure names for their objects/fields/indexes/etc but without having the ORM implement those checks for them (since it would just be messy and too "magic"). Please also reconsider your pull request on github too ( DBAL-298 ). I'm closing this one
        Hide
        Klaus Silveira added a comment -

        Then what's the purpose of Doctrine\DBAL\Platforms\Keywords\MySQLKeywords?

        Show
        Klaus Silveira added a comment - Then what's the purpose of Doctrine\DBAL\Platforms\Keywords\MySQLKeywords?
        Hide
        Marco Pivetta added a comment -

        Klaus Silveira not sure, but it isn't used in ORM.

        Show
        Marco Pivetta added a comment - Klaus Silveira not sure, but it isn't used in ORM.
        Hide
        Benjamin Eberlei added a comment -

        A related Github Pull-Request [GH-166] was closed
        https://github.com/doctrine/dbal/pull/166

        Show
        Benjamin Eberlei added a comment - A related Github Pull-Request [GH-166] was closed https://github.com/doctrine/dbal/pull/166

          People

          • Assignee:
            Benjamin Eberlei
            Reporter:
            Klaus Silveira
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: