Issue Type: Bug Created: 2007-09-24T07:04:16.000+0000 Last Updated: 2008-03-21T16:25:22.000+0000 Status: Resolved Fix version(s): - 1.5.0 (17/Mar/08)
Reporter: Michael Mayer (michaelm) Assignee: Bill Karwin (bkarwin) Tags: - Zend_Db
Related issues: Attachments:
When using reserved characters like [ and ], the regular expressions in the protected function Zend_Db_Statement->_stripQuoted() throw an exception/error. This is because the strings should be quoted like that:
$q = preg_quote($q); $qe = preg_quote($qe); $d = preg_quote($d); $de = preg_quote($de);
I noticed this problem while using MS-SQL Server (odbtp). Of course, you can set QUOTED_IDENTIFIER to ON and use double quotes instead of brackets (as described in related tickets):
This however doesn't change the fact, that chars inserted into a regular expression should be escaped. Delimiters in brackets can always be used, regardless of the setting of QUOTED_IDENTIFIER.
Just an idea, but isn't there an easier way of getting the escape characters from the database adapter? Functions like getIdentifierQuoteStartChar(), getIdentifierQuoteEndChar(), getQuoteStartChar() and getQuoteEndChar()? I would even recommend using public class constants for this purpose.
Posted by Darby Felton (darby) on 2007-09-26T14:55:37.000+0000
Assigning to [~bkarwin] to initiate issue review. Is this issue really a blocker?
Posted by Bill Karwin (bkarwin) on 2007-10-01T20:38:41.000+0000
Don't use brackets as identifier delimiters. This is not standard SQL, it's bogus Microsoft syntax. The Zend_Db_Adapter_Pdo_Mssql class always executes "SET QUOTED_IDENTIFIER ON" after connecting, to encourage usage of standard SQL syntax.
I don't think we should add methods to the Db Adapter interface to support non-standard syntax used by a single vendor. The better solution is to use the standard SQL identifier delimiter, which is the double-quote (") and is the same for begin and end of a delimited identifier.
Have you found an issue?
See the Overview section for more details.