diff options
author | Jim Winstead <jimw@mysql.com> | 2009-05-19 15:26:57 -0700 |
---|---|---|
committer | Jim Winstead <jimw@mysql.com> | 2009-05-19 15:26:57 -0700 |
commit | 209e34c95f69fffe27bb7caafd41aa814166e305 (patch) | |
tree | 46c72146dc02874535a5528e4fa92ed780b07912 /client | |
parent | 37da9aa851738281431c3730a4c65deeaccc31bc (diff) | |
download | mariadb-git-209e34c95f69fffe27bb7caafd41aa814166e305.tar.gz |
Table identifiers and file names were not quoted and escaped correctly by
mysqlimport. (Bug #28071)
Diffstat (limited to 'client')
-rw-r--r-- | client/mysqlimport.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/client/mysqlimport.c b/client/mysqlimport.c index ec418244f3d..5a8fabd4da7 100644 --- a/client/mysqlimport.c +++ b/client/mysqlimport.c @@ -303,7 +303,8 @@ static int get_options(int *argc, char ***argv) static int write_to_table(char *filename, MYSQL *mysql) { char tablename[FN_REFLEN], hard_path[FN_REFLEN], - sql_statement[FN_REFLEN*16+256], *end; + escaped_name[FN_REFLEN * 2 + 1], + sql_statement[FN_REFLEN*16+256], *end, *pos; DBUG_ENTER("write_to_table"); DBUG_PRINT("enter",("filename: %s",filename)); @@ -338,15 +339,24 @@ static int write_to_table(char *filename, MYSQL *mysql) fprintf(stdout, "Loading data from SERVER file: %s into %s\n", hard_path, tablename); } + mysql_real_escape_string(mysql, escaped_name, hard_path, strlen(hard_path)); sprintf(sql_statement, "LOAD DATA %s %s INFILE '%s'", opt_low_priority ? "LOW_PRIORITY" : "", - opt_local_file ? "LOCAL" : "", hard_path); + opt_local_file ? "LOCAL" : "", escaped_name); end= strend(sql_statement); if (replace) end= strmov(end, " REPLACE"); if (ignore) end= strmov(end, " IGNORE"); - end= strmov(strmov(end, " INTO TABLE "), tablename); + end= strmov(end, " INTO TABLE `"); + /* Turn any ` into `` in table name. */ + for (pos= tablename; *pos; pos++) + { + if (*pos == '`') + *end++= '`'; + *end++= *pos; + } + end= strmov(end, "`"); if (fields_terminated || enclosed || opt_enclosed || escaped) end= strmov(end, " FIELDS"); |