Add support for automatic quoting of identifiers in DBI.
Table and column names have not traditionally been quoted in Vend::Table::DBI routines. This can (and has) led to issues such as clashing with db reserved words and possible SQL injection issues.

This patch adds optional support to allow all SQL queries that are generated by Interchange to have all the identifiers quoted.

To enable this feature just add the following configuration directive to catalog.cfg:

    DatabaseDefault QUOTE_IDENTIFIERS 1

The above must be set before any Database or DatabaseAuto directives for it to work properly.

You can also set this individually for each table:

    Database foo QUOTE_IDENTIFIERS 1

Also, if you want this to apply to all catalogs under a particular server instance, you can add this setting to catalog_before.cfg.

As an example of how db queries are affected by this setting for a MySQL db with the Interchange tag

    [field price 12345]

Interchange will send something like the following without and with QUOTE_IDENTIFIERS set for the products table:

    Without: SELECT price FROM products WHERE sku='12345'
    With:    SELECT `price` FROM `products` WHERE `sku`='12345'
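
The effect described in the commit message, shown as an added example that is not part of the commit or of Interchange. It uses Python's sqlite3 as a stand-in for the MySQL table (SQLite also accepts MySQL-style backtick identifiers); `quote_identifier`, `build_select`, `lookup` and the sample `products` row are constructed for illustration.

```python
import sqlite3

def quote_identifier(name, quote_char="`"):
    """Wrap an identifier in quote_char, doubling any embedded quote_char."""
    if not name or "\x00" in name:
        raise ValueError("invalid identifier")
    return quote_char + name.replace(quote_char, quote_char * 2) + quote_char

def build_select(table, column, key_column, quote_identifiers):
    """Build the single-field lookup; the key value stays a bound parameter."""
    q = quote_identifier if quote_identifiers else (lambda n: n)
    return f"SELECT {q(column)} FROM {q(table)} WHERE {q(key_column)}=?"

def lookup(conn, column, sku, quote_identifiers):
    """Return the field value, or the error text if the database rejects the SQL."""
    sql = build_select("products", column, "sku", quote_identifiers)
    try:
        row = conn.execute(sql, (sku,)).fetchone()
        return row[0] if row else None
    except sqlite3.OperationalError as exc:
        return f"error: {exc}"

def demo():
    conn = sqlite3.connect(":memory:")
    # Constructed sample table; `order` is a reserved word used as a column name.
    conn.execute("CREATE TABLE `products` (`sku` TEXT, `price` TEXT, `order` INTEGER)")
    conn.execute("INSERT INTO products VALUES ('12345', '9.99', 7)")
    return {
        "price_plain": lookup(conn, "price", "12345", False),
        "price_quoted": lookup(conn, "price", "12345", True),
        # Unquoted, the reserved word is parsed as a keyword and the query fails.
        "order_plain": lookup(conn, "order", "12345", False),
        "order_quoted": lookup(conn, "order", "12345", True),
        # A name containing the quote character stays one (nonexistent) identifier.
        "odd_name_quoted": lookup(conn, "price`x", "12345", True),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=>", value)
```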