Changeset

8073:7361412a9664

SQL: Use standard quotes for columns and other identifiers, rewrite to grave accents for MySQL only (fixes #885)
author Kim Alvefur <zash@zash.se>
date Mon, 10 Apr 2017 23:13:39 +0200 (2017-04-10)
parents 8072:194409dcba22
children 8074:4b403f881176 8075:a4dd08fd64cf
files plugins/mod_storage_sql.lua tools/migration/migrator/prosody_sql.lua util/sql.lua
diffstat 3 files changed, 72 insertions(+), 74 deletions(-) [+]
--- a/plugins/mod_storage_sql.lua	Mon Apr 10 20:28:02 2017 +0200
+++ b/plugins/mod_storage_sql.lua	Mon Apr 10 23:13:39 2017 +0200
@@ -58,9 +58,9 @@
 	local haveany;
 	local result = {};
 	local select_sql = [[
-	SELECT `key`,`type`,`value`
-	FROM `prosody`
-	WHERE `host`=? AND `user`=? AND `store`=?;
+	SELECT "key","type","value"
+	FROM "prosody"
+	WHERE "host"=? AND "user"=? AND "store"=?;
 	]]
 	for row in engine:select(select_sql, host, user or "", store) do
 		haveany = true;
@@ -80,14 +80,14 @@
 end
 local function keyval_store_set(data)
 	local delete_sql = [[
-	DELETE FROM `prosody`
-	WHERE `host`=? AND `user`=? AND `store`=?
+	DELETE FROM "prosody"
+	WHERE "host"=? AND "user"=? AND "store"=?
 	]];
 	engine:delete(delete_sql, host, user or "", store);
 
 	local insert_sql = [[
-	INSERT INTO `prosody`
-	(`host`,`user`,`store`,`key`,`type`,`value`)
+	INSERT INTO "prosody"
+	("host","user","store","key","type","value")
 	VALUES (?,?,?,?,?,?);
 	]]
 	if data and next(data) ~= nil then
@@ -130,9 +130,9 @@
 function keyval_store:users()
 	local ok, result = engine:transaction(function()
 		local select_sql = [[
-		SELECT DISTINCT `user`
-		FROM `prosody`
-		WHERE `host`=? AND `store`=?;
+		SELECT DISTINCT "user"
+		FROM "prosody"
+		WHERE "host"=? AND "store"=?;
 		]];
 		return engine:select(select_sql, host, self.store);
 	end);
@@ -149,9 +149,9 @@
 function map_store:get(username, key)
 	local ok, result = engine:transaction(function()
 		local query = [[
-		SELECT `type`, `value`
-		FROM `prosody`
-		WHERE `host`=? AND `user`=? AND `store`=? AND `key`=?
+		SELECT "type", "value"
+		FROM "prosody"
+		WHERE "host"=? AND "user"=? AND "store"=? AND "key"=?
 		LIMIT 1
 		]];
 		local data;
@@ -177,18 +177,18 @@
 function map_store:set_keys(username, keydatas)
 	local ok, result = engine:transaction(function()
 		local delete_sql = [[
-		DELETE FROM `prosody`
-		WHERE `host`=? AND `user`=? AND `store`=? AND `key`=?;
+		DELETE FROM "prosody"
+		WHERE "host"=? AND "user"=? AND "store"=? AND "key"=?;
 		]];
 		local insert_sql = [[
-		INSERT INTO `prosody`
-		(`host`,`user`,`store`,`key`,`type`,`value`)
+		INSERT INTO "prosody"
+		("host","user","store","key","type","value")
 		VALUES (?,?,?,?,?,?);
 		]];
 		local select_extradata_sql = [[
-		SELECT `type`, `value`
-		FROM `prosody`
-		WHERE `host`=? AND `user`=? AND `store`=? AND `key`=?
+		SELECT "type", "value"
+		FROM "prosody"
+		WHERE "host"=? AND "user"=? AND "store"=? AND "key"=?
 		LIMIT 1;
 		]];
 		for key, data in pairs(keydatas) do
@@ -227,12 +227,12 @@
 	with = with or "";
 	local ok, ret = engine:transaction(function()
 		local delete_sql = [[
-		DELETE FROM `prosodyarchive`
-		WHERE `host`=? AND `user`=? AND `store`=? AND `key`=?;
+		DELETE FROM "prosodyarchive"
+		WHERE "host"=? AND "user"=? AND "store"=? AND "key"=?;
 		]];
 		local insert_sql = [[
-		INSERT INTO `prosodyarchive`
-		(`host`, `user`, `store`, `when`, `with`, `key`, `type`, `value`)
+		INSERT INTO "prosodyarchive"
+		("host", "user", "store", "when", "with", "key", "type", "value")
 		VALUES (?,?,?,?,?,?,?,?);
 		]];
 		if key then
@@ -253,27 +253,27 @@
 	-- Time range, inclusive
 	if query.start then
 		args[#args+1] = query.start
-		where[#where+1] = "`when` >= ?"
+		where[#where+1] = "\"when\" >= ?"
 	end
 
 	if query["end"] then
 		args[#args+1] = query["end"];
 		if query.start then
-			where[#where] = "`when` BETWEEN ? AND ?" -- is this inclusive?
+			where[#where] = "\"when\" BETWEEN ? AND ?" -- is this inclusive?
 		else
-			where[#where+1] = "`when` <= ?"
+			where[#where+1] = "\"when\" <= ?"
 		end
 	end
 
 	-- Related name
 	if query.with then
-		where[#where+1] = "`with` = ?";
+		where[#where+1] = "\"with\" = ?";
 		args[#args+1] = query.with
 	end
 
 	-- Unique id
 	if query.key then
-		where[#where+1] = "`key` = ?";
+		where[#where+1] = "\"key\" = ?";
 		args[#args+1] = query.key
 	end
 end
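Review bot: The backslash-escaped quotes in the where fragments, such as `"\"when\" >= ?"`, are hard to read and easy to unbalance; single-quoted Lua strings hold the same text without escapes, e.g. `'"when" >= ?'`. The same applies to the one-line queries in the later hunks (the archive delete, driver:stores, driver:purge and the migrator's select and insert). While this line is being touched, the `-- is this inclusive?` comment can be settled: SQL BETWEEN includes both endpoints, so `-- BETWEEN is inclusive on both ends` would match the "Time range, inclusive" comment above. The enclosing function starts above the hunk.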
@@ -282,11 +282,11 @@
 	-- Before or after specific item, exclusive
 	if query.after then  -- keys better be unique!
 		where[#where+1] = [[
-		`sort_id` > COALESCE(
+		"sort_id" > COALESCE(
 			(
-				SELECT `sort_id`
-				FROM `prosodyarchive`
-				WHERE `key` = ? AND `host` = ? AND `user` = ? AND `store` = ?
+				SELECT "sort_id"
+				FROM "prosodyarchive"
+				WHERE "key" = ? AND "host" = ? AND "user" = ? AND "store" = ?
 				LIMIT 1
 			), 0)
 		]];
@@ -295,16 +295,16 @@
 	end
 	if query.before then
 		where[#where+1] = [[
-		`sort_id` < COALESCE(
+		"sort_id" < COALESCE(
 			(
-				SELECT `sort_id`
-				FROM `prosodyarchive`
-				WHERE `key` = ? AND `host` = ? AND `user` = ? AND `store` = ?
+				SELECT "sort_id"
+				FROM "prosodyarchive"
+				WHERE "key" = ? AND "host" = ? AND "user" = ? AND "store" = ?
 				LIMIT 1
 			),
 			(
-				SELECT MAX(`sort_id`)+1
-				FROM `prosodyarchive`
+				SELECT MAX("sort_id")+1
+				FROM "prosodyarchive"
 			)
 		)
 		]]
@@ -318,19 +318,19 @@
 	local total;
 	local ok, result = engine:transaction(function()
 		local sql_query = [[
-		SELECT `key`, `type`, `value`, `when`, `with`
-		FROM `prosodyarchive`
+		SELECT "key", "type", "value", "when", "with"
+		FROM "prosodyarchive"
 		WHERE %s
-		ORDER BY `sort_id` %s%s;
+		ORDER BY "sort_id" %s%s;
 		]];
 		local args = { host, user or "", store, };
-		local where = { "`host` = ?", "`user` = ?", "`store` = ?", };
+		local where = { "\"host\" = ?", "\"user\" = ?", "\"store\" = ?", };
 
 		archive_where(query, args, where);
 
 		-- Total matching
 		if query.total then
-			local stats = engine:select("SELECT COUNT(*) FROM `prosodyarchive` WHERE "
+			local stats = engine:select("SELECT COUNT(*) FROM \"prosodyarchive\" WHERE "
 				.. t_concat(where, " AND "), unpack(args));
 			if stats then
 				for row in stats do
@@ -365,9 +365,9 @@
 	query = query or {};
 	local user,store = username,self.store;
 	local ok, stmt = engine:transaction(function()
-		local sql_query = "DELETE FROM `prosodyarchive` WHERE %s;";
+		local sql_query = "DELETE FROM \"prosodyarchive\" WHERE %s;";
 		local args = { host, user or "", store, };
-		local where = { "`host` = ?", "`user` = ?", "`store` = ?", };
+		local where = { "\"host\" = ?", "\"user\" = ?", "\"store\" = ?", };
 		if user == true then
 			table.remove(args, 2);
 			table.remove(where, 2);
@@ -401,7 +401,7 @@
 end
 
 function driver:stores(username)
-	local query = "SELECT DISTINCT `store` FROM `prosody` WHERE `host`=? AND `user`" ..
+	local query = "SELECT DISTINCT \"store\" FROM \"prosody\" WHERE \"host\"=? AND \"user\"" ..
 		(username == true and "!=?" or "=?");
 	if username == true or not username then
 		username = "";
@@ -415,7 +415,7 @@
 
 function driver:purge(username)
 	return engine:transaction(function()
-		local stmt,err = engine:delete("DELETE FROM `prosody` WHERE `host`=? AND `user`=?", host, username);
+		local stmt,err = engine:delete("DELETE FROM \"prosody\" WHERE \"host\"=? AND \"user\"=?", host, username);
 		return true, err;
 	end);
 end
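Review bot: In driver:purge the `stmt` result of `engine:delete` is never read, and the callback returns `true, err` whether or not the delete succeeded. Unless `engine:delete` raises on failure (not visible here), a purge that removed nothing can still look successful to the caller; a check such as `if not stmt then return nil, err; end` before the return would make that explicit. Only the "prosody" table is named in this statement, so if a user's rows in "prosodyarchive" are meant to go as well, that is not done here and deserves at least a comment.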
@@ -467,7 +467,7 @@
 				changes = true;
 				if apply_changes then
 					module:log("info", "Upgrading database schema...");
-					engine:execute("ALTER TABLE prosody MODIFY COLUMN `value` MEDIUMTEXT");
+					engine:execute("ALTER TABLE prosody MODIFY COLUMN \"value\" MEDIUMTEXT");
 					module:log("info", "Database table automatically upgraded");
 				end
 			end
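Review bot: This statement goes straight to `engine:execute`, and nothing visible shows that `execute` rewrites the new double quotes for MySQL. The util/sql.lua part of this changeset adds explicit `sql = self:prepquery(sql);` lines before `self:execute(sql)` in `_create_index` and `_create_table`, which suggests it does not. If so, a MySQL server without ANSI_QUOTES treats `"value"` as a string literal and the schema upgrade fails. Passing the text through the engine first, `engine:execute(engine:prepquery("ALTER TABLE prosody MODIFY COLUMN \"value\" MEDIUMTEXT"));`, would avoid that. The same concern applies to `check_encoding_query` and the two `fix_column_query` strings in the next hunks, and to `engine:execute(check_encoding_query)` in tools/migration/migrator/prosody_sql.lua.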
@@ -482,9 +482,9 @@
 
 		-- COMPAT w/pre-0.10: Upgrade table to UTF-8 if not already
 		local check_encoding_query = [[
-		SELECT `COLUMN_NAME`,`COLUMN_TYPE`,`TABLE_NAME`
-		FROM `information_schema`.`columns`
-		WHERE `TABLE_NAME` LIKE 'prosody%%' AND ( `CHARACTER_SET_NAME`!='%s' OR `COLLATION_NAME`!='%s_bin' );
+		SELECT "COLUMN_NAME","COLUMN_TYPE","TABLE_NAME"
+		FROM "information_schema"."columns"
+		WHERE "TABLE_NAME" LIKE 'prosody%%' AND ( "CHARACTER_SET_NAME"!='%s' OR "COLLATION_NAME"!='%s_bin' );
 		]];
 		check_encoding_query = check_encoding_query:format(engine.charset, engine.charset);
 		-- FIXME Is it ok to ignore the return values from this?
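Review bot: `engine.charset` is spliced into `check_encoding_query` with `:format` inside `'%s'` literals instead of being bound like the `?` parameters used by the other queries in this changeset. The value appears to be read from information_schema (see the CHARACTER_SET_NAME select in util/sql.lua), so the exposure looks small. Still, writing the condition as `"CHARACTER_SET_NAME"!=? OR "COLLATION_NAME"!=?` and passing `engine.charset, engine.charset.."_bin"` as arguments removes the interpolation entirely. The `LIKE 'prosody%%'` filter also has no TABLE_SCHEMA condition, so tables with that prefix in any other database visible to the account are matched too. The call that runs the query lies below the hunk.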
@@ -495,8 +495,8 @@
 				changes = true;
 				if apply_changes then
 					module:log("warn", "Found %d columns in prosody table requiring encoding change, updating now...", n_bad_columns);
-					local fix_column_query1 = "ALTER TABLE `%s` CHANGE `%s` `%s` BLOB;";
-					local fix_column_query2 = "ALTER TABLE `%s` CHANGE `%s` `%s` %s CHARACTER SET '%s' COLLATE '%s_bin';";
+					local fix_column_query1 = "ALTER TABLE \"%s\" CHANGE \"%s\" \"%s\" BLOB;";
+					local fix_column_query2 = "ALTER TABLE \"%s\" CHANGE \"%s\" \"%s\" %s CHARACTER SET '%s' COLLATE '%s_bin';";
 					for row in result:rows() do
 						local column_name, column_type, table_name  = unpack(row);
 						module:log("debug", "Fixing column %s in table %s", column_name, table_name);
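Review bot: `table_name` and `column_name` come from the information_schema rows and are formatted between quote characters in `fix_column_query1` and `fix_column_query2` with no check for an embedded quote character; `column_type` is inserted unquoted. Because the check query is not restricted to one schema, these names are not guaranteed to be Prosody's own. A small local helper that rejects (or escapes) names containing a double quote or a grave accent before formatting would close this. The same helper would suit `_create_index` and `_create_table` in util/sql.lua, which concatenate `index.name`, `index.table` and `col.name` the same way; those look like code-defined schema values, so there it is hardening rather than a known bug. The loop body continues past the end of the hunk.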
--- a/tools/migration/migrator/prosody_sql.lua	Mon Apr 10 20:28:02 2017 +0200
+++ b/tools/migration/migrator/prosody_sql.lua	Mon Apr 10 23:13:39 2017 +0200
@@ -92,9 +92,9 @@
 
 			-- COMPAT w/pre-0.10: Upgrade table to UTF-8 if not already
 			local check_encoding_query = [[
-			SELECT `COLUMN_NAME`,`COLUMN_TYPE`,`TABLE_NAME`
-			FROM `information_schema`.`columns`
-			WHERE `TABLE_NAME` LIKE 'prosody%%' AND ( `CHARACTER_SET_NAME`!='%s' OR `COLLATION_NAME`!='%s_bin' );
+			SELECT "COLUMN_NAME","COLUMN_TYPE","TABLE_NAME"
+			FROM "information_schema"."columns"
+			WHERE "TABLE_NAME" LIKE 'prosody%%' AND ( "CHARACTER_SET_NAME"!='%s' OR "COLLATION_NAME"!='%s_bin' );
 			]];
 			check_encoding_query = check_encoding_query:format(engine.charset, engine.charset);
 			local result = engine:execute(check_encoding_query);
@@ -116,7 +116,7 @@
 	end));
 	local keys = {"host", "user", "store", "key", "type", "value"};
 	assert(engine:connect());
-	local f,s,val = assert(engine:select("SELECT `host`, `user`, `store`, `key`, `type`, `value` FROM `prosody`;"));
+	local f,s,val = assert(engine:select("SELECT \"host\", \"user\", \"store\", \"key\", \"type\", \"value\" FROM \"prosody\";"));
 	-- get SQL rows, sorted
 	local iter = mtools.sorted {
 		reader = function() val = f(s, val); return val; end;
@@ -157,8 +157,8 @@
 		create_table(engine);
 	end));
 	assert(engine:connect());
-	assert(engine:delete("DELETE FROM prosody"));
-	local insert_sql = "INSERT INTO `prosody` (`host`,`user`,`store`,`key`,`type`,`value`) VALUES (?,?,?,?,?,?)";
+	assert(engine:delete("DELETE FROM \"prosody\""));
+	local insert_sql = "INSERT INTO \"prosody\" (\"host\",\"user\",\"store\",\"key\",\"type\",\"value\") VALUES (?,?,?,?,?,?)";
 
 	return function(item)
 		if not item then assert(engine.conn:commit()) return end -- end of input
--- a/util/sql.lua	Mon Apr 10 20:28:02 2017 +0200
+++ b/util/sql.lua	Mon Apr 10 23:13:39 2017 +0200
@@ -128,8 +128,8 @@
 end
 
 function engine:prepquery(sql)
-	if self.params.driver == "PostgreSQL" then
-		sql = sql:gsub("`", "\"");
+	if self.params.driver == "MySQL" then
+		sql = sql:gsub("\"", "`");
 	end
 	return sql;
 end
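Review bot: The MySQL branch of prepquery replaces every double quote in the statement, including one that sits inside a single-quoted SQL string literal, so a query that embeds a literal double quote would be altered silently. Values passed through `?` placeholders are unaffected. A comment stating the contract would help, for example `-- Queries use standard "identifier" quoting; on MySQL every double quote becomes a grave accent, so never embed a literal double quote in SQL text, bind it as a parameter instead`. Callers outside this changeset that still write grave accents are no longer converted for PostgreSQL, which is worth a line in the release notes.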
@@ -242,27 +242,26 @@
 	return ok, ret;
 end
 function engine:_create_index(index)
-	local sql = "CREATE INDEX `"..index.name.."` ON `"..index.table.."` (";
+	local sql = "CREATE INDEX \""..index.name.."\" ON \""..index.table.."\" (";
 	for i=1,#index do
-		sql = sql.."`"..index[i].."`";
+		sql = sql.."\""..index[i].."\"";
 		if i ~= #index then sql = sql..", "; end
 	end
 	sql = sql..");"
-	if self.params.driver == "PostgreSQL" then
-		sql = sql:gsub("`", "\"");
-	elseif self.params.driver == "MySQL" then
-		sql = sql:gsub("`([,)])", "`(20)%1");
+	if self.params.driver == "MySQL" then
+		sql = sql:gsub("\"([,)])", "\"(20)%1");
 	end
 	if index.unique then
 		sql = sql:gsub("^CREATE", "CREATE UNIQUE");
 	end
+	sql = self:prepquery(sql);
 	if self._debug then
 		debugquery("create", sql);
 	end
 	return self:execute(sql);
 end
 function engine:_create_table(table)
-	local sql = "CREATE TABLE `"..table.name.."` (";
+	local sql = "CREATE TABLE \""..table.name.."\" (";
 	for i,col in ipairs(table.c) do
 		local col_type = col.type;
 		if col_type == "MEDIUMTEXT" and self.params.driver ~= "MySQL" then
@@ -271,7 +270,7 @@
 		if col.auto_increment == true and self.params.driver == "PostgreSQL" then
 			col_type = "BIGSERIAL";
 		end
-		sql = sql.."`"..col.name.."` "..col_type;
+		sql = sql.."\""..col.name.."\" "..col_type;
 		if col.nullable == false then sql = sql.." NOT NULL"; end
 		if col.primary_key == true then sql = sql.." PRIMARY KEY"; end
 		if col.auto_increment == true then
@@ -284,11 +283,10 @@
 		if i ~= #table.c then sql = sql..", "; end
 	end
 	sql = sql.. ");"
-	if self.params.driver == "PostgreSQL" then
-		sql = sql:gsub("`", "\"");
-	elseif self.params.driver == "MySQL" then
+	if self.params.driver == "MySQL" then
 		sql = sql:gsub(";$", (" CHARACTER SET '%s' COLLATE '%s_bin';"):format(self.charset, self.charset));
 	end
+	sql = self:prepquery(sql);
 	if self._debug then
 		debugquery("create", sql);
 	end
@@ -316,7 +314,7 @@
 	local charset = "utf8";
 	if driver == "MySQL" then
 		self:transaction(function()
-			for row in self:select"SELECT `CHARACTER_SET_NAME` FROM `information_schema`.`CHARACTER_SETS` WHERE `CHARACTER_SET_NAME` LIKE 'utf8%' ORDER BY MAXLEN DESC LIMIT 1;" do
+			for row in self:select"SELECT \"CHARACTER_SET_NAME\" FROM \"information_schema\".\"CHARACTER_SETS\" WHERE \"CHARACTER_SET_NAME\" LIKE 'utf8%' ORDER BY MAXLEN DESC LIMIT 1;" do
 				charset = row and row[1] or charset;
 			end
 		end);