Skip to content

Loading…

DDC-344: Table names are not escaped #4247

Closed
doctrinebot opened this Issue · 5 comments

1 participant

@doctrinebot

Jira issue originally created by user nicokaiser:

Table names (and maybe also attribute names?) are not escaped when SQL is generated.
This means, if you create something like this

/****
 * @Entity
 * @Table(name="groups")
 */
class Group
...

the generated SQL code will be "CREATE TABLE group (id INT...", which fails because "group" is a reserved keyword. It should be escaped with backticks: "CREATE TABLE group (id INT..."

@doctrinebot

Comment created by shurakai:

You need to quote the tablename by yourself:

http://www.doctrine-project.org/documentation/manual/2_0/en/basic-mapping:quoting-reserved-words

@doctrinebot

Comment created by romanb:

Like Christian said, you can mark individial table or column names for quoting in the ORM.

In the DBAL, nothing is quoted automatically to avoid all kinds of issues. When using the DBAL directly you can quote yourself (quoteIdentifier()).

So this is by design. For your concrete problem you can use @Table(name="group") but the much better option is to avoid reserved words completely.

@doctrinebot

Issue was closed with resolution "Invalid"

@doctrinebot

Comment created by nicokaiser:

Oh, ok. So is there a technical reason for this? Why not quote all table / attribute names automatically in Doctrine?

@doctrinebot

Comment created by romanb:

Because that would be overkill and unnecessarily clutters the SQL. More than that, identifier quoting can fail on certain platforms under certain conditions with certain input ... Lastly, it would add quite some code bloat to quote everything because not all SQL goes down 1 execution path.

All these things together with the fact that identifier quoting is considered a workaround led to the current implementation. We discourage identifier quoting, but still make it possible selectively.

We've had the "quote nothing or everything" approach in D1 with a simple switch and it was/is full of problems. Apart from the simple fact that you need to quote everything as soon as you have a single, reserved column or table name anywhere. Thats just overkill.

@doctrinebot doctrinebot added this to the 2.0-BETA1 milestone
@doctrinebot doctrinebot closed this
@doctrinebot doctrinebot added the Bug label
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.