Table identifiers and file names were not quoted and escaped correctly by

mysqlimport. (Bug #28071)

client/mysqlimport.c

@@ -303,7 +303,8 @@ static int get_options(int *argc, char ***argv)
 static int write_to_table(char *filename, MYSQL *mysql)
 {
   char tablename[FN_REFLEN], hard_path[FN_REFLEN],
-       sql_statement[FN_REFLEN*16+256], *end;
+       escaped_name[FN_REFLEN * 2 + 1],
+       sql_statement[FN_REFLEN*16+256], *end, *pos;
   DBUG_ENTER("write_to_table");
   DBUG_PRINT("enter",("filename: %s",filename));
 
@@ -338,15 +339,24 @@ static int write_to_table(char *filename, MYSQL *mysql)
       fprintf(stdout, "Loading data from SERVER file: %s into %s\n",
 	      hard_path, tablename);
   }
+  mysql_real_escape_string(mysql, escaped_name, hard_path, strlen(hard_path));
   sprintf(sql_statement, "LOAD DATA %s %s INFILE '%s'",
 	  opt_low_priority ? "LOW_PRIORITY" : "",
-	  opt_local_file ? "LOCAL" : "", hard_path);
+	  opt_local_file ? "LOCAL" : "", escaped_name);
   end= strend(sql_statement);
   if (replace)
     end= strmov(end, " REPLACE");
   if (ignore)
     end= strmov(end, " IGNORE");
-  end= strmov(strmov(end, " INTO TABLE "), tablename);
+  end= strmov(end, " INTO TABLE `");
+  /* Turn any ` into `` in table name. */
+  for (pos= tablename; *pos; pos++)
+  {
+    if (*pos == '`')
+      *end++= '`';
+    *end++= *pos;
+  }
+  end= strmov(end, "`");
 
   if (fields_terminated || enclosed || opt_enclosed || escaped)
       end= strmov(end, " FIELDS");

mysql-test/r/mysqldump.result

@@ -4439,6 +4439,16 @@ drop view v1;
 drop table t1;
 drop view v1;
 drop table t1;
+#
+# Bug#28071 mysqlimport does not quote or escape table name
+#
+drop table if exists `load`;
+create table `load` (a varchar(255));
+test.load: Records: 70  Deleted: 0  Skipped: 0  Warnings: 0
+select count(*) from `load`;
+count(*)
+70
+drop table `load`;
 SET @@GLOBAL.CONCURRENT_INSERT = @OLD_CONCURRENT_INSERT;
 #
 # End of 5.1 tests

mysql-test/t/mysqldump.test

@@ -1971,8 +1971,27 @@ drop table t1;
 --remove_file $MYSQLTEST_VARDIR/tmp/v1.sql
 
 
-# We reset concurrent_inserts value to whatever it was at the start of the test
-# This line must be executed _after_ all test cases.
+--echo #
+--echo # Bug#28071 mysqlimport does not quote or escape table name
+--echo #
+
+--disable_warnings
+drop table if exists `load`;
+--enable_warnings
+create table `load` (a varchar(255));
+
+--copy_file std_data/words.dat $MYSQLTEST_VARDIR/tmp/load.txt
+
+--exec $MYSQL_IMPORT --ignore test $MYSQLTEST_VARDIR/tmp/load.txt
+
+select count(*) from `load`;
+
+--remove_file $MYSQLTEST_VARDIR/tmp/load.txt
+
+drop table `load`;
+
+# We reset concurrent_inserts value to whatever it was at the start of the
+# test This line must be executed _after_ all test cases.
 SET @@GLOBAL.CONCURRENT_INSERT = @OLD_CONCURRENT_INSERT;