reflectors: table names are correctly escaped

dg · Dec 4, 2012 · 23531a0 · 23531a0
1 parent 22c6f2d
commit 23531a0
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 20 deletions.
diff --git a/dibi/drivers/mssql.reflector.php b/dibi/drivers/mssql.reflector.php
@@ -65,18 +65,16 @@ public function getTableCount($table, $fallback=true)
 		if (empty($table)) {
 			return false;
 		}
-		$table = $this->driver->escape($table, dibi::TEXT);
-
 		$result = $this->driver->query("
 			SELECT MAX(rowcnt)
 			FROM sys.sysindexes
-			WHERE id=OBJECT_ID({$table})
+			WHERE id=OBJECT_ID({$this->driver->escape($table, dibi::IDENTIFIER)})
 		");
 		$row = $result->fetch(FALSE);
 
 		if (!is_array($row) || count($row) < 1) {
 			if ($fallback) {
-				$row = $this->driver->query("SELECT COUNT(*) FROM {$table}")->fetch(FALSE);
+				$row = $this->driver->query("SELECT COUNT(*) FROM {$this->driver->escape($table, dibi::IDENTIFIER)}")->fetch(FALSE);
 				$count = intval($row[0]);
 			} else {
 				$count = false;
@@ -100,7 +98,7 @@ public function getColumns($table)
 		$res = $this->driver->query("
 			SELECT * FROM
 			INFORMATION_SCHEMA.COLUMNS
-			WHERE TABLE_NAME = '{$table}'
+			WHERE TABLE_NAME = {$this->driver->escape($table, dibi::TEXT)}
 			ORDER BY TABLE_NAME, ORDINAL_POSITION
 		");
 		$columns = array();
@@ -148,8 +146,6 @@ public function getColumns($table)
 	 */
 	public function getIndexes($table)
 	{
-		$table = $this->driver->escape($table, dibi::TEXT);
-
 		$res = $this->driver->query(
 			"SELECT ind.name index_name, ind.index_id, ic.index_column_id,
 					col.name column_name, ind.is_unique, ind.is_primary_key
@@ -160,7 +156,7 @@ public function getIndexes($table)
 				(ic.object_id = col.object_id and ic.column_id = col.column_id)
 			INNER JOIN sys.tables t ON
 				(ind.object_id = t.object_id)
-			WHERE t.name = {$table}
+			WHERE t.name = {$this->driver->escape($table, dibi::TEXT)}
 				AND t.is_ms_shipped = 0
 			ORDER BY
 				t.name, ind.name, ind.index_id, ic.index_column_id
@@ -192,8 +188,6 @@ public function getIndexes($table)
 	 */
 	public function getForeignKeys($table)
 	{
-		$table = $this->driver->escape($table, dibi::TEXT);
-
 		$res = $this->driver->query("
 			SELECT f.name AS foreign_key,
 			OBJECT_NAME(f.parent_object_id) AS table_name,
@@ -206,7 +200,7 @@ public function getForeignKeys($table)
 			FROM sys.foreign_keys AS f
 			INNER JOIN sys.foreign_key_columns AS fc
 			ON f.OBJECT_ID = fc.constraint_object_id
-			WHERE OBJECT_NAME(f.parent_object_id)={$table}
+			WHERE OBJECT_NAME(f.parent_object_id) = {$this->driver->escape($table, dibi::TEXT)}
 		");
 
 		$keys = array();

diff --git a/dibi/drivers/mysql.reflector.php b/dibi/drivers/mysql.reflector.php
@@ -68,7 +68,7 @@ public function getColumns($table)
 			FROM INFORMATION_SCHEMA.COLUMNS
 			WHERE TABLE_NAME = $table AND TABLE_SCHEMA = DATABASE()
 		");*/
-		$res = $this->driver->query("SHOW FULL COLUMNS FROM `$table`");
+		$res = $this->driver->query("SHOW FULL COLUMNS FROM {$this->driver->escape($table, dibi::IDENTIFIER)}");
 		$columns = array();
 		while ($row = $res->fetch(TRUE)) {
 			$type = explode('(', $row['Type']);
@@ -103,7 +103,7 @@ public function getIndexes($table)
 			WHERE TABLE_NAME = $table AND TABLE_SCHEMA = DATABASE()
 			AND REFERENCED_COLUMN_NAME IS NULL
 		");*/
-		$res = $this->driver->query("SHOW INDEX FROM `$table`");
+		$res = $this->driver->query("SHOW INDEX FROM {$this->driver->escape($table, dibi::IDENTIFIER)}");
 		$indexes = array();
 		while ($row = $res->fetch(TRUE)) {
 			$indexes[$row['Key_name']]['name'] = $row['Key_name'];

diff --git a/dibi/drivers/sqlite.reflector.php b/dibi/drivers/sqlite.reflector.php
@@ -60,12 +60,12 @@ public function getTables()
 	public function getColumns($table)
 	{
 		$meta = $this->driver->query("
-			SELECT sql FROM sqlite_master WHERE type = 'table' AND name = '$table'
+			SELECT sql FROM sqlite_master WHERE type = 'table' AND name = {$this->driver->escape($table, dibi::TEXT)}
 			UNION ALL
-			SELECT sql FROM sqlite_temp_master WHERE type = 'table' AND name = '$table'"
-		)->fetch(TRUE);
+			SELECT sql FROM sqlite_temp_master WHERE type = 'table' AND name = {$this->driver->escape($table, dibi::TEXT)}
+		")->fetch(TRUE);
 
-		$res = $this->driver->query("PRAGMA table_info([$table])");
+		$res = $this->driver->query("PRAGMA table_info({$this->driver->escape($table, dibi::IDENTIFIER)})");
 		$columns = array();
 		while ($row = $res->fetch(TRUE)) {
 			$column = $row['name'];
@@ -95,15 +95,15 @@ public function getColumns($table)
 	 */
 	public function getIndexes($table)
 	{
-		$res = $this->driver->query("PRAGMA index_list([$table])");
+		$res = $this->driver->query("PRAGMA index_list({$this->driver->escape($table, dibi::IDENTIFIER)})");
 		$indexes = array();
 		while ($row = $res->fetch(TRUE)) {
 			$indexes[$row['name']]['name'] = $row['name'];
 			$indexes[$row['name']]['unique'] = (bool) $row['unique'];
 		}
 
 		foreach ($indexes as $index => $values) {
-			$res = $this->driver->query("PRAGMA index_info([$index])");
+			$res = $this->driver->query("PRAGMA index_info({$this->driver->escape($index, dibi::IDENTIFIER)})");
 			while ($row = $res->fetch(TRUE)) {
 				$indexes[$index]['columns'][$row['seqno']] = $row['name'];
 			}
@@ -150,7 +150,7 @@ public function getForeignKeys($table)
 		if (!($this->driver instanceof DibiSqlite3Driver)) {
 			// throw new DibiNotSupportedException; // @see http://www.sqlite.org/foreignkeys.html
 		}
-		$res = $this->driver->query("PRAGMA foreign_key_list([$table])");
+		$res = $this->driver->query("PRAGMA foreign_key_list({$this->driver->escape($table, dibi::IDENTIFIER)})");
 		$keys = array();
 		while ($row = $res->fetch(TRUE)) {
 			$keys[$row['id']]['name'] = $row['id']; // foreign key name