Bug #14919 dont escapes wildcards in `mysql`.`db`.`Db`
Submitted: 14 Nov 2005 11:10 Modified: 1 Aug 2006 13:20
Reporter: Sebastian Mendel (Basic Quality Contributor) Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Administrator Severity:S2 (Serious)
Version:1.1.4 OS:Windows (Windows XP SP2)
Assigned to: Vladimir Kolesnikov CPU Architecture:Any
Tags: User Management

[14 Nov 2005 11:10] Sebastian Mendel 
Description:
MySQL 5.0.15-nt-max via TCP/IP

granting a user rights to database `test_test` inserts 'test_test' into `mysql`.`db`.`Db` but it should be 'test\_test', or shouldnt it?

How to repeat:
grant an user rights to schema with _ or % in the name for example `test_test`

Suggested fix:
escape _ and % before inserting
[16 Nov 2005 18:50] Valeriy Kravchuk 
Thank you for a problem report. MySQL Administrator works just as you described. But mysql command line client works the same way:

C:\Documents and Settings\openxs>mysql -uroot -p -P3307
Enter password: ****
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 5.0.15-nt

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> create database test_test;
Query OK, 1 row affected (0.01 sec)

mysql> grant all on `test_test`.* to user11 identified by 'user11';
Query OK, 0 rows affected (0.04 sec)

mysql> select user, Db from mysql.db where user like 'user1%';
+--------+-----------+
| user   | Db        |
+--------+-----------+
| user1  | test      |
| user11 | test_test |
| user12 | test_test | <-- this user was granted all on test_test in Admin.
+--------+-----------+
3 rows in set (0.00 sec)

The manual clearly states (http://dev.mysql.com/doc/refman/5.0/en/request-access.html):

"The wildcard characters ‘%’ and ‘_’ can be used in the Host and Db columns of either table. These have the same meaning as for pattern-matching operations performed with the LIKE operator. If you want to use either character literally when granting privileges, you must escape it with a backslash. For example, to include the underscore character (‘_’) as part of a database name, specify it as ‘\_’ in the GRANT statement."

Neither me not escaped _, nor MySQL Administrator did it by default. May be, it is a feature request, but I am not sure that it is a bug. What do you think?
[16 Nov 2005 22:07] Sebastian Mendel 
i think it's bug!

as the manual says i have to escape % and _ if this are not wildcards, so this is clearly that i have to do this in the command line client

but the MySQL Administrator doesnt give me a choice,
it shows me the databases and says i can edit the rights for THIS databases, but in fact i do edit the rights for the wildcard, and if right click it clearly says 'Add Schema with wildcards' what lets me more expect that the list does not contain wildcards
[16 Nov 2005 22:09] Sebastian Mendel 
the administrator should initialy display the schemas escaped,
and of course not silently escape them
[17 Nov 2005 17:33] Valeriy Kravchuk 
OK. I agree with you. Let's GUI tools developers decide is it something to change (as we agreed now), or at least to document in the prominent place as a current limitation of the MySQL Administrator.