Commit 1c9e45c3 authored by Jim Winstead's avatar Jim Winstead

Table identifiers and file names were not quoted and escaped correctly by

mysqlimport. (Bug #28071)
parent 86dc69e0
...@@ -303,7 +303,8 @@ static int get_options(int *argc, char ***argv) ...@@ -303,7 +303,8 @@ static int get_options(int *argc, char ***argv)
static int write_to_table(char *filename, MYSQL *mysql) static int write_to_table(char *filename, MYSQL *mysql)
{ {
char tablename[FN_REFLEN], hard_path[FN_REFLEN], char tablename[FN_REFLEN], hard_path[FN_REFLEN],
sql_statement[FN_REFLEN*16+256], *end; escaped_name[FN_REFLEN * 2 + 1],
sql_statement[FN_REFLEN*16+256], *end, *pos;
DBUG_ENTER("write_to_table"); DBUG_ENTER("write_to_table");
DBUG_PRINT("enter",("filename: %s",filename)); DBUG_PRINT("enter",("filename: %s",filename));
...@@ -338,15 +339,24 @@ static int write_to_table(char *filename, MYSQL *mysql) ...@@ -338,15 +339,24 @@ static int write_to_table(char *filename, MYSQL *mysql)
fprintf(stdout, "Loading data from SERVER file: %s into %s\n", fprintf(stdout, "Loading data from SERVER file: %s into %s\n",
hard_path, tablename); hard_path, tablename);
} }
mysql_real_escape_string(mysql, escaped_name, hard_path, strlen(hard_path));
sprintf(sql_statement, "LOAD DATA %s %s INFILE '%s'", sprintf(sql_statement, "LOAD DATA %s %s INFILE '%s'",
opt_low_priority ? "LOW_PRIORITY" : "", opt_low_priority ? "LOW_PRIORITY" : "",
opt_local_file ? "LOCAL" : "", hard_path); opt_local_file ? "LOCAL" : "", escaped_name);
end= strend(sql_statement); end= strend(sql_statement);
if (replace) if (replace)
end= strmov(end, " REPLACE"); end= strmov(end, " REPLACE");
if (ignore) if (ignore)
end= strmov(end, " IGNORE"); end= strmov(end, " IGNORE");
end= strmov(strmov(end, " INTO TABLE "), tablename); end= strmov(end, " INTO TABLE `");
/* Turn any ` into `` in table name. */
for (pos= tablename; *pos; pos++)
{
if (*pos == '`')
*end++= '`';
*end++= *pos;
}
end= strmov(end, "`");
if (fields_terminated || enclosed || opt_enclosed || escaped) if (fields_terminated || enclosed || opt_enclosed || escaped)
end= strmov(end, " FIELDS"); end= strmov(end, " FIELDS");
......
...@@ -4439,6 +4439,16 @@ drop view v1; ...@@ -4439,6 +4439,16 @@ drop view v1;
drop table t1; drop table t1;
drop view v1; drop view v1;
drop table t1; drop table t1;
#
# Bug#28071 mysqlimport does not quote or escape table name
#
drop table if exists `load`;
create table `load` (a varchar(255));
test.load: Records: 70 Deleted: 0 Skipped: 0 Warnings: 0
select count(*) from `load`;
count(*)
70
drop table `load`;
SET @@GLOBAL.CONCURRENT_INSERT = @OLD_CONCURRENT_INSERT; SET @@GLOBAL.CONCURRENT_INSERT = @OLD_CONCURRENT_INSERT;
# #
# End of 5.1 tests # End of 5.1 tests
......
...@@ -1971,8 +1971,27 @@ drop table t1; ...@@ -1971,8 +1971,27 @@ drop table t1;
--remove_file $MYSQLTEST_VARDIR/tmp/v1.sql --remove_file $MYSQLTEST_VARDIR/tmp/v1.sql
# We reset concurrent_inserts value to whatever it was at the start of the test --echo #
# This line must be executed _after_ all test cases. --echo # Bug#28071 mysqlimport does not quote or escape table name
--echo #
--disable_warnings
drop table if exists `load`;
--enable_warnings
create table `load` (a varchar(255));
--copy_file std_data/words.dat $MYSQLTEST_VARDIR/tmp/load.txt
--exec $MYSQL_IMPORT --ignore test $MYSQLTEST_VARDIR/tmp/load.txt
select count(*) from `load`;
--remove_file $MYSQLTEST_VARDIR/tmp/load.txt
drop table `load`;
# We reset concurrent_inserts value to whatever it was at the start of the
# test This line must be executed _after_ all test cases.
SET @@GLOBAL.CONCURRENT_INSERT = @OLD_CONCURRENT_INSERT; SET @@GLOBAL.CONCURRENT_INSERT = @OLD_CONCURRENT_INSERT;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment