https://bugs.kde.org/show_bug.cgi?id=451289

            Bug ID: 451289
           Summary: Database identifiers should be protected with tick
                    marks
           Product: digikam
           Version: 7.6.0
          Platform: Homebrew (macOS)
                OS: All
            Status: REPORTED
          Severity: minor
          Priority: NOR
         Component: Setup-Database
          Assignee: digikam-bugs-n...@kde.org
          Reporter: jan.stein...@gmail.com
  Target Milestone: ---

Created attachment 147376
  --> https://bugs.kde.org/attachment.cgi?id=147376&action=edit
SQL that contains identifiers with operand characters throws an error if not
escaped with tick marks.

SUMMARY
***
In Configure —> Database —> Requirements, SQL to be executed by the user should
be delimited with tick marks ("`") so that arbitrary characters can be used.
***


STEPS TO REPRODUCE
1. Set up for a MySQL/MariaDB database.
2. Set up databases with the base name of "DigiKam-"
3. Attempt to follow the instructions in "Configure —> Database —>
Requirements" for creating the necessary databases.

OBSERVED RESULT
"Configure —> Database —> Requirements" says to execute (in part):
<code>CREATE DATABASE DigiKam-Core;
GRANT ALL PRIVILEGES ON DigiKam-Core.* TO 'DigiKam'@'localhost';
CREATE DATABASE DigiKam-Thumbs;
GRANT ALL PRIVILEGES ON DigiKam-Thumbs.* TO 'DigiKam'@'localhost';
CREATE DATABASE DigiKam-Face;
GRANT ALL PRIVILEGES ON DigiKam-Face.* TO 'DigiKam'@'localhost';
CREATE DATABASE DigiKam-Similarity;
GRANT ALL PRIVILEGES ON DigiKam-Similarity.* TO 'DigiKam'@'localhost';
</code>

If that code is executed, MySQL/MariaDB tries to subtract "Core" from
"DigiKam", etc. because it does not recognize "DigiKam-Core" as a database
name, and it throws an SQL error.

EXPECTED RESULT
Databases are created

SOFTWARE/OS VERSIONS
macOS: 10.15.7

ADDITIONAL INFORMATION

Whenever a user can enter SQL identifiers (or portions thereof) and those
identifiers can be displayed as something the user can execute, the generated
identifier should be surrounded by tick marks ("`") so MySQL/MariaDB will
recognize them as identifiers, rather than try to parse them as expressions.

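
An added example (not part of the original report and not digiKam's own code) of the quoting the report asks for: wrap each generated database name in tick marks, double any tick mark inside the name, and refuse names the server rejects even when quoted. The function names quoteIdentifier and requirementSql are hypothetical; the suffixes and the 'DigiKam'@'localhost' account come from the SQL quoted in the report.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Quote a MySQL/MariaDB identifier with tick marks (backticks).
// Returns false for names the server rejects even when quoted.
bool quoteIdentifier(const std::string& name, std::string& quoted)
{
    // Empty names, names longer than 64 characters (counted in bytes here,
    // which is conservative) and database names ending in a space are invalid.
    if (name.empty() || name.size() > 64 || name.back() == ' ')
        return false;

    std::string result = "`";
    for (char c : name) {
        if (c == '\0')
            return false;          // NUL is never allowed in an identifier
        if (c == '`')
            result += '`';         // an embedded tick mark is written twice
        result += c;
    }
    result += '`';
    quoted = result;
    return true;
}

// Build the CREATE DATABASE / GRANT pair for every baseName + suffix.
// Returns an empty list if any resulting name cannot be quoted safely.
std::vector<std::string> requirementSql(const std::string& baseName,
                                        const std::vector<std::string>& suffixes)
{
    std::vector<std::string> statements;
    for (const std::string& suffix : suffixes) {
        std::string db;
        if (!quoteIdentifier(baseName + suffix, db))
            return {};
        statements.push_back("CREATE DATABASE " + db + ";");
        statements.push_back("GRANT ALL PRIVILEGES ON " + db +
                             ".* TO 'DigiKam'@'localhost';");
    }
    return statements;
}

int main()
{
    // Base name from the report's steps to reproduce.
    for (const std::string& line :
         requirementSql("DigiKam-", {"Core", "Thumbs", "Face", "Similarity"}))
        std::cout << line << '\n';
}
```

Doubling the embedded tick mark matters as much as adding the outer pair: without it, a base name containing "`" would close the quoted identifier early and the rest of the name would be parsed as SQL.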