Fix MySQL column escaping
ff2b58dab746
Actions

Authored by vrana <jakubv@fb.com> on Apr 5 2012, 22:39.

Description

Fix MySQL column escaping

Summary:
MySQL doesn't treat \ as escaping character in ``.
This isn't probably SQL injection hole because I've found no calls of this method with user input.
But better safe than sorry.

See also NO_BACKSLASH_ESCAPES.

Test Plan:

SELECT `a\`b`; -- Throws: Syntax error near '`'.
-- Should throw: Unknown column 'a`b'.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2109

Details

Committed

vrana <jakubv@fb.com>

Apr 6 2012, 00:11

Pushed

aubort

Jan 31 2017, 17:16

Parents

rPH23d5d7a1a683: Delete unused CSS

Branches

Unknown

Tags

Unknown

Event Timeline

vrana <jakubv@fb.com> committed rPHff2b58dab746: Fix MySQL column escaping (authored by vrana <jakubv@fb.com>).Apr 6 2012, 00:11

Changes (1)

				Path
	M			src/storage/connection/mysql/AphrontMySQLDatabaseConnection.php

rPHff2b58dab746

View Options

src/storage/connection/mysql/AphrontMySQLDatabaseConnection.php