Bug #110469 Check for identifier quotes (backticks) in database name and add if necessary
Submitted: 22 Mar 2023 18:09 Modified: 11 May 2023 22:44
Reporter: Brent Gardner (OCA) Email Updates:
Status: Closed Impact on me:
None 
Category:Connector / Python Severity:S4 (Feature request)
Version:8.0 OS:Any
Assigned to: CPU Architecture:Any

[22 Mar 2023 18:09] Brent Gardner
Description:
In the Python MySQLConnection.database setter function at https://github.com/mysql/mysql-connector-python/blob/master/lib/mysql/connector/connection..., the database name is not enclosed in identifier quote characters (backticks), which may throw syntax errors if the database names includes some non-alphanumeric characters (such as a hyphen). I am requesting that the database name be checked if it is already enclosed by backticks (i.e. the user supplied the name with backticks), and if not, enclose it in backticks for use in the "USE" command.  As the database name is an argument and not SQL, it should be appropriately handled to prevent SQL syntax errors.

How to repeat:
Create a database with a hyphen in its name.
Connect to the database with the Python MySQL connector, passing the database name without backticks.
See a SQL syntax error.

Suggested fix:
Enclose the database name in backticks (if they do not exist already) when using internal SQL queries.
[23 Mar 2023 9:47] MySQL Verification Team
Hello Brent Gardner,

Thank you for the feature request.

regards,
Umesh
[24 Mar 2023 18:44] Brent Gardner
Potential fix:
https://github.com/mysql/mysql-connector-python/pull/89
[6 Apr 2023 18:43] OCA Admin
Contribution submitted via Github - BUG#110469: Backtick database name if necessary 
(*) Contribution by Brent Gardner (Github bggardner, mysql-connector-python/pull/89#issuecomment-1499419797): I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it.

Contribution: git_patch_1289476348.txt (text/plain), 822 bytes.

[28 Apr 2023 10:19] Nuno Mariz
Posted by developer:
 
Thank you for your contribution.
[11 May 2023 22:44] Philip Olson
Posted by developer:
 
Fixed as of the upcoming MySQL Connector/Python 8.1.0 release, and here's the proposed changelog entry from the documentation team:

An error was raised when setting the database name on a connection that
included non-alphanumeric characters. This only applied to the pure Python
implementation. 

Thanks to Brent Gardner for the contribution. 

Thank you for the bug report.