[DDC-1919] Doctrine fails to escape entity with reserved name in various situations Created: 10/Jul/12  Updated: 19/Jul/12  Resolved: 11/Jul/12

Status: Closed
Project: Doctrine 2 - ORM
Component/s: None
Affects Version/s: 2.2
Fix Version/s: 2.3, Git Master
Security Level: All

Type: Bug Priority: Major
Reporter: Klaus Silveira Assignee: Benjamin Eberlei
Resolution: Invalid Votes: 0
Labels: None
Environment:

MySQL



 Description   

I have submitted a PR here, fixing part of this issue: https://github.com/doctrine/dbal/pull/166

However, it fails when UPDATE or INSERT is used. I'm using a very simple, and common, entity name: Group. Doctrine is failing to escape this in various situations, causing queries to fail in MySQL due to reserved keywords.



 Comments   
Comment by Marco Pivetta [ 11/Jul/12 ]

Can you try using the quoting strategy in master? By defining an '@Table(name="`Group`")' on your entity you should be able to fix this issue by yourself... Anyway, this is only available in latest master.
Please give it a try and let us know.

Comment by Klaus Silveira [ 11/Jul/12 ]

That hack, of course, fixes the problem. However, Doctrine is failing to escape entities with reserved keywords in various different situations and this should be a major problem, specially since there are many keywords that are common table names. Having to change the table name or escape the table name manually is not the best solution.

I have look through the code but could not find out why getQuotedTableName() is failing to quote the table name "Group". I fixed the other problem, involving schema creation, but this one i couldn't fix. That's why i'm opening the issue, hoping someone with more experience in the ORM codebase manages to fix it.

Comment by Marco Pivetta [ 11/Jul/12 ]

Klaus Silveira, doctrine won't quote (at least with the default strategy) a table called "Group". The default strategy will look for the sorrounding "`" ("`Group`").
Is it still failing to quote something in latest master? Can you write a simple example of a failure you are getting?

Comment by Klaus Silveira [ 11/Jul/12 ]

The failure is caused when querying anything related to an entity wich it's name is a reserved keyword, for example, an entity called "Group". I expected Doctrine to quote such table names.

Comment by Marco Pivetta [ 11/Jul/12 ]

Klaus Silveira did you put an @Table(name="`Group`") in it?

Comment by Marco Pivetta [ 11/Jul/12 ]

Please note that

Unable to find source-code formatter for language: php. Available languages are: actionscript, html, java, javascript, none, sql, xhtml, xml
@Table(name="Group")

and

Unable to find source-code formatter for language: php. Available languages are: actionscript, html, java, javascript, none, sql, xhtml, xml
@Table(name="`Group`")

are quite different. That's why I'm asking

Comment by Klaus Silveira [ 11/Jul/12 ]

As i said, that hack fixes the problem. But i don't believe that having to change the table name or escape the table name manually is the best solution. Doctrine should be doing that transparently, as it does for other situations (such as during schema creation). Why not during all other operations? Makes no sense at all.

Comment by Marco Pivetta [ 11/Jul/12 ]

This is not a hack... In ORM, "`" is not the MySQL identifier quote. It is exactly thought as a character with which you tell the ORM that the identifier should be quoted.
The default strategy does make use of it, so please use it.

Comment by Marco Pivetta [ 11/Jul/12 ]

Also, we won't collect the SQL reserved keywords, nor we can know what keywords are used in all vendors. The patch for the quoting strategy was exactly thought to allow end users to use insecure names for their objects/fields/indexes/etc but without having the ORM implement those checks for them (since it would just be messy and too "magic").

Please also reconsider your pull request on github too ( DBAL-298 ).

I'm closing this one

Comment by Klaus Silveira [ 11/Jul/12 ]

Then what's the purpose of Doctrine\DBAL\Platforms\Keywords\MySQLKeywords?

Comment by Marco Pivetta [ 11/Jul/12 ]

Klaus Silveira not sure, but it isn't used in ORM.

Comment by Benjamin Eberlei [ 19/Jul/12 ]

A related Github Pull-Request [GH-166] was closed
https://github.com/doctrine/dbal/pull/166

Generated at Tue Jul 29 18:58:25 UTC 2014 using JIRA 6.2.3#6260-sha1:63ef1d6dac3f4f4d7db4c1effd405ba38ccdc558.