| Bug #104913 | Cannot execute stored procedure with backtick in name | ||
|---|---|---|---|
| Submitted: | 11 Sep 2021 4:00 | Modified: | 1 Jun 2022 15:19 |
| Reporter: | Bradley Grainger (OCA) | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | Connector / NET | Severity: | S2 (Serious) |
| Version: | 8.0.26 | OS: | Windows (10) |
| Assigned to: | CPU Architecture: | Any | |
[11 Sep 2021 10:20]
MySQL Verification Team
Hello Bradley, Thank you for the report and test case. Verified as described. regards, Umesh
[1 Jun 2022 15:19]
Christine Cole
Posted by developer: Fixed as of the upcoming MySQL Connector/NET 8.0.30 release, and here's the proposed changelog entry from the documentation team: MySqlCommand.CommandText emitted an error if the stored procedure to execute included one or more backtick characters (`) in the name. Thank you for the bug report.
Description: It's not possible to set MySqlCommand.CommandText to the name of a stored procedure that contains a backtick, then execute that stored procedure. Instead, you receive MySqlException: Procedure or function 'ab' cannot be found in database 'db'. How to repeat: Create the following stored procedure: DELIMITER $$ CREATE PROCEDURE `a``b` () BEGIN SELECT 'test' AS Result; END $$ Run this C#: using var connection = new MySqlConnection("..."); connection.Open(); using var command = connection.CreateCommand(); command.CommandType = CommandType.StoredProcedure; // none of these work command.CommandText = "`a``b`"; // command.CommandText = "a`b"; // command.CommandText = "a``b"; // throws MySqlException using var reader = command.ExecuteReader(); Suggested fix: MySqlCommand.CommandText should allow the escaped name of a stored procedure, potentially fully-qualified with the database name, e.g., "db.`a``b`".