Skip to content

Loading…

DDC-1919: Doctrine fails to escape entity with reserved name in various situations #2587

Closed
doctrinebot opened this Issue · 13 comments

2 participants

@doctrinebot

Jira issue originally created by user klaussilveira:

I have submitted a PR here, fixing part of this issue: doctrine/dbal#166

However, it fails when UPDATE or INSERT is used. I'm using a very simple, and common, entity name: Group. Doctrine is failing to escape this in various situations, causing queries to fail in MySQL due to reserved keywords.

@doctrinebot

Comment created by @ocramius:

Can you try using the quoting strategy in master? By defining an '@Table(name="Group")' on your entity you should be able to fix this issue by yourself... Anyway, this is only available in latest master.
Please give it a try and let us know.

@doctrinebot

Comment created by klaussilveira:

That hack, of course, fixes the problem. However, Doctrine is failing to escape entities with reserved keywords in various different situations and this should be a major problem, specially since there are many keywords that are common table names. Having to change the table name or escape the table name manually is not the best solution.

I have look through the code but could not find out why getQuotedTableName() is failing to quote the table name "Group". I fixed the other problem, involving schema creation, but this one i couldn't fix. That's why i'm opening the issue, hoping someone with more experience in the ORM codebase manages to fix it.

@doctrinebot

Comment created by @ocramius:

[~klaussilveira], doctrine won't quote (at least with the default strategy) a table called "Group". The default strategy will look for the sorrounding "" ("Group`").
Is it still failing to quote something in latest master? Can you write a simple example of a failure you are getting?

@doctrinebot

Comment created by klaussilveira:

The failure is caused when querying anything related to an entity wich it's name is a reserved keyword, for example, an entity called "Group". I expected Doctrine to quote such table names.

@doctrinebot

Comment created by @ocramius:

[~klaussilveira] did you put an @Table(name="Group") in it?

@doctrinebot

Comment created by @ocramius:

Please note that php@Table(name="Group") and php@Table(name="`Group`") are quite different. That's why I'm asking

@doctrinebot

Comment created by klaussilveira:

As i said, that hack fixes the problem. But i don't believe that having to change the table name or escape the table name manually is the best solution. Doctrine should be doing that transparently, as it does for other situations (such as during schema creation). Why not during all other operations? Makes no sense at all.

@doctrinebot

Comment created by @ocramius:

This is not a hack... In ORM, "`" is not the MySQL identifier quote. It is exactly thought as a character with which you tell the ORM that the identifier should be quoted.
The default strategy does make use of it, so please use it.

@doctrinebot

Comment created by @ocramius:

Also, we won't collect the SQL reserved keywords, nor we can know what keywords are used in all vendors. The patch for the quoting strategy was exactly thought to allow end users to use insecure names for their objects/fields/indexes/etc but without having the ORM implement those checks for them (since it would just be messy and too "magic").

Please also reconsider your pull request on github too ( DBAL-298 ).

I'm closing this one

@doctrinebot

Issue was closed with resolution "Invalid"

@doctrinebot

Comment created by klaussilveira:

Then what's the purpose of Doctrine\DBAL\Platforms\Keywords\MySQLKeywords?

@doctrinebot

Comment created by @ocramius:

[~klaussilveira] not sure, but it isn't used in ORM.

@doctrinebot

Comment created by @beberlei:

A related Github Pull-Request [GH-166] was closed
doctrine/dbal#166

@beberlei beberlei was assigned by doctrinebot
@doctrinebot doctrinebot closed this
@doctrinebot doctrinebot added the Bug label
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.