database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-07 00:04:31 +03:00
Code Activity

Table identifiers and file names were not quoted and escaped correctly by

Browse Source 
mysqlimport. (Bug #28071)
This commit is contained in:
Jim Winstead
2009-05-19 15:26:57 -07:00
parent eb1261502c
commit 16aeb5ad3d
3 changed files with 44 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
client/mysqlimport.c
View File

@@ -303,7 +303,8 @@ static int get_options(int *argc, char ***argv)
static int write_to_table(char *filename, MYSQL *mysql) static int write_to_table(char *filename, MYSQL *mysql)
{ {
char tablename[FN_REFLEN], hard_path[FN_REFLEN], char tablename[FN_REFLEN], hard_path[FN_REFLEN],
sql_statement[FN_REFLEN*16+256], *end; escaped_name[FN_REFLEN * 2 + 1],
sql_statement[FN_REFLEN*16+256], *end, *pos;
DBUG_ENTER("write_to_table"); DBUG_ENTER("write_to_table");
DBUG_PRINT("enter",("filename: %s",filename)); DBUG_PRINT("enter",("filename: %s",filename));
@@ -338,15 +339,24 @@ static int write_to_table(char *filename, MYSQL *mysql)
fprintf(stdout, "Loading data from SERVER file: %s into %s\n", fprintf(stdout, "Loading data from SERVER file: %s into %s\n",
hard_path, tablename); hard_path, tablename);
} }
mysql_real_escape_string(mysql, escaped_name, hard_path, strlen(hard_path));
sprintf(sql_statement, "LOAD DATA %s %s INFILE '%s'", sprintf(sql_statement, "LOAD DATA %s %s INFILE '%s'",
opt_low_priority ? "LOW_PRIORITY" : "", opt_low_priority ? "LOW_PRIORITY" : "",
opt_local_file ? "LOCAL" : "", hard_path); opt_local_file ? "LOCAL" : "", escaped_name);
end= strend(sql_statement); end= strend(sql_statement);
if (replace) if (replace)
end= strmov(end, " REPLACE"); end= strmov(end, " REPLACE");
if (ignore) if (ignore)
end= strmov(end, " IGNORE"); end= strmov(end, " IGNORE");
end= strmov(strmov(end, " INTO TABLE "), tablename); end= strmov(end, " INTO TABLE `");
/* Turn any ` into `` in table name. */
for (pos= tablename; *pos; pos++)
{
if (*pos == '`')
*end++= '`';
*end++= *pos;
}
end= strmov(end, "`");
if (fields_terminated || enclosed || opt_enclosed || escaped) if (fields_terminated || enclosed || opt_enclosed || escaped)
end= strmov(end, " FIELDS"); end= strmov(end, " FIELDS");

10
mysql-test/r/mysqldump.result
View File

@@ -4439,6 +4439,16 @@ drop view v1;
drop table t1; drop table t1;
drop view v1; drop view v1;
drop table t1; drop table t1;
#
# Bug#28071 mysqlimport does not quote or escape table name
#
drop table if exists `load`;
create table `load` (a varchar(255));
test.load: Records: 70 Deleted: 0 Skipped: 0 Warnings: 0
select count(*) from `load`;
count(*)
70
drop table `load`;
SET @@GLOBAL.CONCURRENT_INSERT = @OLD_CONCURRENT_INSERT; SET @@GLOBAL.CONCURRENT_INSERT = @OLD_CONCURRENT_INSERT;
# #
# End of 5.1 tests # End of 5.1 tests

23
mysql-test/t/mysqldump.test
View File

@@ -1971,8 +1971,27 @@ drop table t1;
--remove_file $MYSQLTEST_VARDIR/tmp/v1.sql --remove_file $MYSQLTEST_VARDIR/tmp/v1.sql
# We reset concurrent_inserts value to whatever it was at the start of the test --echo #
# This line must be executed _after_ all test cases. --echo # Bug#28071 mysqlimport does not quote or escape table name
--echo #
--disable_warnings
drop table if exists `load`;
--enable_warnings
create table `load` (a varchar(255));
--copy_file std_data/words.dat $MYSQLTEST_VARDIR/tmp/load.txt
--exec $MYSQL_IMPORT --ignore test $MYSQLTEST_VARDIR/tmp/load.txt
select count(*) from `load`;
--remove_file $MYSQLTEST_VARDIR/tmp/load.txt
drop table `load`;
# We reset concurrent_inserts value to whatever it was at the start of the
# test This line must be executed _after_ all test cases.
SET @@GLOBAL.CONCURRENT_INSERT = @OLD_CONCURRENT_INSERT; SET @@GLOBAL.CONCURRENT_INSERT = @OLD_CONCURRENT_INSERT;