Bug #72736 bad assumption leads to modify query to CALL <sql> even when CommandType.Text
Submitted: 24 May 2014 7:31 Modified: 10 Aug 2022 17:17
Reporter: Shane Bester (Platinum Quality Contributor) Email Updates:
Status: Closed Impact on me:
None 
Category:Connector / NET Severity:S3 (Non-critical)
Version:6.8.3 OS:Any
Assigned to: Assigned Account CPU Architecture:Any

[24 May 2014 7:31] Shane Bester
Description:
When running adhoc random queries I noticed the c/net is trying to call stored procedures when I didn't ask it to.  

I'd think a connector should *never* modify the sql a user sends. Especially since I am explicitly setting "cmd.CommandType = CommandType.Text;" 

How to repeat:
In a c/net app and in mysql client, try run these perfectly valid queries (that have no spaces!):

do(1);
select`user`from`mysql`.`user`;
select(left('test',1));

With --general-log=1 --loose-log-raw on server, we see c/net runs it as this!!

3 Query  call do(1)
3 Query  call select`user`from`mysql`.`user`
3 Query  call select(left('test',1))

Suggested fix:
This code responsible for the flaw:

private static List<string> SingleWordKeywords = new List<string>(new string[] { "COMMIT", "ROLLBACK", "USE", "BEGIN", "END" });

...

// validates single word statetment (maybe is a stored procedure call)
if (sql.IndexOf(" ") == -1 && !SingleWordKeywords.Contains(sql.ToUpper()))
{
         sql = "call " + sql;
}
[10 Aug 2022 17:17] Daniel Valdez
This bug has been fixed since MySQL Connector/Net 6.7.7 release.