At 05:13 AM 2/24/2011, you wrote:
>Use a quote around the column name or explicitly specify the column as
><table>.<column> (as for e.g. mytable.group) in the query. For more
>details refer to http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
Hmmm. Everyone has given me a great idea. I am going to change my table
names to "Table", "Group", "Having", "Select", "Into", "Order By",
"Update", "Delete" etc. just to confuse hackers so they won't be able to
launch a sql injection attack against my website. The naming convention
will drive them crazy.
>On Feb 24, 2011, at 4:36 PM, Dave M G wrote:
> > MySQL users,
> > Simple question:
> > In one table in my database, the column was named "group".
> > I kept getting failed query errors until I renamed the column.
> > I've never before encountered a situation where MySQL mistook a column
> > name for part of the query syntax.
> > Should I never use the word "group" for column names? Seems a little
> > silly. Is there a way to protect column names to that there is no
> > --
> > Dave M G
> > --
> > MySQL General Mailing List
> > For list archives: http://lists.mysql.com/mysql
> > To unsubscribe: http://lists.mysql.com/mysql?unsub=1