List: Internals
From: Marko Mäkelä
Date: October 30 2007 8:07am
Subject: Re: [PATCH] for Bug #31113

On Tue, Oct 30, 2007 at 04:01:04PM +0800, mysql yxx wrote:
> --- mysqldump.c.orig    2007-10-29 17:40:50.000000000 +0800
> +++ mysqldump.c 2007-10-30 15:42:00.000000000 +0800
> @@ -1033,7 +1033,7 @@
>    MYSQL_RES *db_cl_res;
>    MYSQL_ROW db_cl_row;
> 
> -  my_snprintf(query, sizeof (query), "use %s", db_name);
> +  my_snprintf(query, sizeof (query), "use `%s`", db_name);
> 
>    if (mysql_query_with_error_report(mysql, NULL, query))
>      return 1;
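
Review bot: on the added my_snprintf() line, db_name is placed between the backticks verbatim, so a name that itself contains a backtick closes the quoted identifier early and the rest of the name is parsed as part of the statement. Double every backtick in db_name before formatting it into the "use" statement, or pass the name through an identifier-quoting helper. Since the quoted form is longer than the name, also treat a result that no longer fits in sizeof (query) as an error instead of sending a truncated statement.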

Shouldn't the db_name be escaped, in case it contains special characters
like ` or \ ?  Perhaps my_snprintf() should define a modifier of %s that
quotes identifiers when needed.

Regards,

	Marko Mäkelä
	Innobase Oy/Oracle Corp.
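
The identifier quoting asked about in the reply above, as an added example that is not part of the original message or of the MySQL source: quote_ident() and build_use_query() are hypothetical helpers, the 192-byte name bound is an assumption, and the sample names are constructed.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical helper (not a MySQL API): copy name into dst wrapped in
 * backticks, doubling every backtick inside it. Returns the quoted length,
 * or -1 with dst emptied if it does not fit, so no truncated name is used. */
static int quote_ident(char *dst, size_t dst_size, const char *name)
{
    size_t n = 0;
    if (dst_size < 3) {                 /* need room for "``" plus NUL */
        if (dst_size) dst[0] = '\0';
        return -1;
    }
    dst[n++] = '`';
    for (; *name; name++) {
        size_t need = (*name == '`') ? 2 : 1;
        if (n + need + 2 > dst_size) {  /* keep room for closing ` and NUL */
            dst[0] = '\0';
            return -1;
        }
        if (*name == '`')
            dst[n++] = '`';             /* a backtick is escaped by doubling */
        dst[n++] = *name;               /* backslash and others pass through */
    }
    dst[n++] = '`';
    dst[n] = '\0';
    return (int)n;
}

/* Build "use `<db_name>`"; 0 on success, -1 if the name or query is too long. */
static int build_use_query(char *query, size_t query_size, const char *db_name)
{
    char quoted[2 * 192 + 3];           /* assumed bound: 192-byte name, doubled */
    int len;
    if (quote_ident(quoted, sizeof quoted, db_name) < 0)
        return -1;
    len = snprintf(query, query_size, "use %s", quoted);
    return (len < 0 || (size_t)len >= query_size) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample names; the third contains a backtick. */
    const char *names[] = { "test", "my-db", "a`b", "c\\d" };
    char query[512];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        if (build_use_query(query, sizeof query, names[i]) == 0)
            puts(query);
    return 0;
}
```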