#At file:///Users/jimw/my/mysql-5.1/ based on revid:jimw@stripped
2903 Jim Winstead 2009-05-19
Table identifiers and file names were not quoted and escaped correctly by
mysqlimport. (Bug #28071)
modified:
client/mysqlimport.c
mysql-test/r/mysqldump.result
mysql-test/t/mysqldump.test
=== modified file 'client/mysqlimport.c'
--- a/client/mysqlimport.c 2009-05-07 17:51:55 +0000
+++ b/client/mysqlimport.c 2009-05-19 22:26:57 +0000
@@ -303,7 +303,8 @@ static int get_options(int *argc, char *
static int write_to_table(char *filename, MYSQL *mysql)
{
char tablename[FN_REFLEN], hard_path[FN_REFLEN],
- sql_statement[FN_REFLEN*16+256], *end;
+ escaped_name[FN_REFLEN * 2 + 1],
+ sql_statement[FN_REFLEN*16+256], *end, *pos;
DBUG_ENTER("write_to_table");
DBUG_PRINT("enter",("filename: %s",filename));
@@ -338,15 +339,24 @@ static int write_to_table(char *filename
fprintf(stdout, "Loading data from SERVER file: %s into %s\n",
hard_path, tablename);
}
+ mysql_real_escape_string(mysql, escaped_name, hard_path, strlen(hard_path));
sprintf(sql_statement, "LOAD DATA %s %s INFILE '%s'",
opt_low_priority ? "LOW_PRIORITY" : "",
- opt_local_file ? "LOCAL" : "", hard_path);
+ opt_local_file ? "LOCAL" : "", escaped_name);
end= strend(sql_statement);
if (replace)
end= strmov(end, " REPLACE");
if (ignore)
end= strmov(end, " IGNORE");
- end= strmov(strmov(end, " INTO TABLE "), tablename);
+ end= strmov(end, " INTO TABLE `");
+ /* Turn any ` into `` in table name. */
+ for (pos= tablename; *pos; pos++)
+ {
+ if (*pos == '`')
+ *end++= '`';
+ *end++= *pos;
+ }
+ end= strmov(end, "`");
if (fields_terminated || enclosed || opt_enclosed || escaped)
end= strmov(end, " FIELDS");
=== modified file 'mysql-test/r/mysqldump.result'
--- a/mysql-test/r/mysqldump.result 2009-05-18 19:52:51 +0000
+++ b/mysql-test/r/mysqldump.result 2009-05-19 22:26:57 +0000
@@ -4439,6 +4439,16 @@ drop view v1;
drop table t1;
drop view v1;
drop table t1;
+#
+# Bug#28071 mysqlimport does not quote or escape table name
+#
+drop table if exists `load`;
+create table `load` (a varchar(255));
+test.load: Records: 70 Deleted: 0 Skipped: 0 Warnings: 0
+select count(*) from `load`;
+count(*)
+70
+drop table `load`;
SET @@GLOBAL.CONCURRENT_INSERT = @OLD_CONCURRENT_INSERT;
#
# End of 5.1 tests
=== modified file 'mysql-test/t/mysqldump.test'
--- a/mysql-test/t/mysqldump.test 2009-05-18 19:52:51 +0000
+++ b/mysql-test/t/mysqldump.test 2009-05-19 22:26:57 +0000
@@ -1971,8 +1971,27 @@ drop table t1;
--remove_file $MYSQLTEST_VARDIR/tmp/v1.sql
-# We reset concurrent_inserts value to whatever it was at the start of the test
-# This line must be executed _after_ all test cases.
+--echo #
+--echo # Bug#28071 mysqlimport does not quote or escape table name
+--echo #
+
+--disable_warnings
+drop table if exists `load`;
+--enable_warnings
+create table `load` (a varchar(255));
+
+--copy_file std_data/words.dat $MYSQLTEST_VARDIR/tmp/load.txt
+
+--exec $MYSQL_IMPORT --ignore test $MYSQLTEST_VARDIR/tmp/load.txt
+
+select count(*) from `load`;
+
+--remove_file $MYSQLTEST_VARDIR/tmp/load.txt
+
+drop table `load`;
+
+# We reset concurrent_inserts value to whatever it was at the start of the
+# test This line must be executed _after_ all test cases.
SET @@GLOBAL.CONCURRENT_INSERT = @OLD_CONCURRENT_INSERT;
| Thread |
|---|
| • bzr commit into mysql-5.1-bugteam branch (jimw:2903) Bug#28071 | Jim Winstead | 20 May |
