You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I noticed that when using MySqlConnector to call a stored procedure by specifying DbCommand.CommandType = CommandType.StoredProcedure, the procedure name set in DbCommand.CommandText is not automatically escaped. However, MySQL Connector/NET seems to do this. For example:
In MySQL Workbench, create a procedure with a name that contains spaces like test spaces1:
When running the program, it works as expected. Looking at the network connection, we can see that the following SQL is sent to the server:
CALL `mydb`.`test spaces1`(123)
Now switch to MySqlConnector 1.4.0-beta.2. Executing the program throw the following exception:
MySqlConnector.MySqlException (0x80004005): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'spaces1(123)' at line 1
We can see the following SQL is sent to the server (notice the procedure name is not escaped):
CALL test spaces1(123);
Is this intended behavior?
The text was updated successfully, but these errors were encountered:
Ok, thanks for the clarification! I agree this could be added to the docs/migration page.
However, I also noticed that quoting the stored procedure name doesn't seem to work correctly for the query to information_schema.routines and information_schema.parameters that MySqlConnector executes, when the procedure name contains a backtick:
Create a procedure like this:
CREATE PROCEDURE `test spaces3.x ``2` (IN myVarStr VARCHAR(2000), OUT myVarStrOut VARCHAR(2000))
BEGINSELECT CONCAT('Test: ', myVarStr) INTO myVarStrOut;
Notice that the query specifies ROUTINE_NAME = 'test spaces3.x ``2', so it seems the quotes/backticks at the start and end of the name were removed, but the double backtick wasn't de-escaped to a single backtick. Therefore, this query doesn't yield a result, because the actual procedure name is test spaces3.x `2, and (I assume) because of the missing result, the parameters are then supplied in the wrong order.