search

catfan / Medoo

The lightweight PHP database framework to accelerate the development.
https://medoo.in
MIT License
4.84k stars 1.15k forks source link

Error with special chars and backticks #586

Closed lamuzzachiodi closed 6 years ago

lamuzzachiodi commented 7 years ago

I'm using a database (mysql) with fields having ":" as part of it. Usually i'm use "`" (backticks) running queries and all works ok. However, it seems like (at least) in the "where" function of Medoo, the fields aren´t well parsed even having backticks.

MrMaxie commented 7 years ago

As far as I understand, double quotes (which Medoo uses) require that the name of the columns/tables be an identifier. The identifier may contain the following characters (in the unexpanded version): [0-9a-zA-Z$_ ]. If you want to use other characters inside the name you have to backticks, which tells SQL that it is a real string rather than an identifier.

Swap in around 356 lines, double quotes with backticks.

I think it would be cool if Medoo noticed such conflict of characters and will change double quotes into backticks for strings containing characters different than default identifier characters, or statically maybe change them, because I don't see any contraindications.

lamuzzachiodi commented 7 years ago

I think the real problem is the Medoo's assumptions about permitted characters in identifiers, not considering others even quoted (at least on mysql). Workaround?. Add the "special" character in the regexps. I guess the solution is to have a way of "push" the char/chars in the regexps, i,e:

// [optional] Special char
    'special_char' => ':',

or something like that.

catfan commented 6 years ago

v1.5 will output by the database default quote identifier.

https://medoo.in/api/whatsnew