Doctrine is not Auto-Escaping Columns #5150

Closed
opened 2026-01-22 14:59:47 +01:00 by admin · 9 comments
Originally created by @alexgurrola on GitHub (Jun 14, 2016).

Originally assigned to: @Ocramius on GitHub.

We have an entity with the column 'limit', but this is a reserved keyword in MySQL. Logically, Doctrine ORM should be Auto-Escaping these Columns, but it's stuck in this ideology that we must escape them in the Column name.

```
An exception occurred while executing 'INSERT INTO content_stream (pagingType, limit, enableSearch, siteId, vendorId, time, timeEdit, timeStatus, status, userId, editUserId, viewVersionId) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)' with params ["pager", null, 0, 13, null, 1465943902, 1465943902, null, 1, 4, 4, 38064]:

SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'limit, enableSearch, siteId, vendorId, time, timeEdit, timeStatus, status, userI' at line 1
```

According to Issue [#2409](https://github.com/doctrine/doctrine2/issues/2409), we tried the following workaround.

```
@Column(name="`limit`")
```

This does work for our current situation, but this is a very fragile train of logic and Doctrine ORM should be providing this level of safety, regardless of whether it is a reserved keyword or not.
admin added the Bug, Can't Fix, Invalid labels 2026-01-22 14:59:47 +01:00
admin closed this issue 2026-01-22 14:59:47 +01:00
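
An added example, not part of the original thread or of Doctrine's own code: because quoting is opt-in per column, a check like the one below can flag mapped columns that are reserved keywords on the connected platform but were not backtick-quoted in the mapping. It assumes Doctrine ORM 2.x (array-style field mappings) and an already configured EntityManager supplied by the caller; `findUnquotedReservedColumns` is a hypothetical helper name.

```php
<?php
// Added example; assumes Doctrine ORM 2.x with DBAL and a configured
// EntityManager. The function name is hypothetical, not a Doctrine API.

use Doctrine\ORM\EntityManagerInterface;

/**
 * Lists every mapped column whose name is a reserved keyword on the
 * connection's database platform and is not quoted in the mapping.
 *
 * @return string[] entries of the form "Entity::field (column)"
 */
function findUnquotedReservedColumns(EntityManagerInterface $em): array
{
    // Keyword list of the platform in use (MySQL in the report above).
    $keywords = $em->getConnection()
        ->getDatabasePlatform()
        ->getReservedKeywordsList();

    $problems = [];

    foreach ($em->getMetadataFactory()->getAllMetadata() as $metadata) {
        foreach ($metadata->fieldMappings as $field => $mapping) {
            // ORM 2.x strips the backticks from name="`limit`" and
            // records the opt-in as 'quoted' => true on the mapping.
            if (!empty($mapping['quoted'])) {
                continue;
            }

            if ($keywords->isKeyword($mapping['columnName'])) {
                $problems[] = sprintf(
                    '%s::%s (%s)',
                    $metadata->getName(),
                    $field,
                    $mapping['columnName']
                );
            }
        }
    }

    return $problems;
}
```

Run from a test or a build step, a non-empty result points at the mappings that would produce the syntax error shown in the report.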

@phansys commented on GitHub (Jun 14, 2016):

See #2409.


@Ocramius commented on GitHub (Jun 15, 2016):

This is a well known limitation documented at http://doctrine-orm.readthedocs.io/projects/doctrine-orm/en/latest/reference/limitations-and-known-issues.html#identifier-quoting-and-legacy-databases

We will change this for Doctrine 3.x, but for 2.x, auto-quoting of identifiers is a no-go, mostly because of case sensitivity issues.

Please note that this doesn't cause security issues per se, as mappings are not user input, but static application information.


@alexgurrola commented on GitHub (Jun 20, 2016):

@Ocramius Understood. Since this is the case, is there a way to check out Doctrine 3.x? All of my searching has turned up null.


@Ocramius commented on GitHub (Jun 20, 2016):

Check the `develop` branch


@Ocramius commented on GitHub (Oct 19, 2017):

@richRemer you know that we still get email notifications, even if you delete messages, right?


@richRemer commented on GitHub (Oct 19, 2017):

I assumed so. I deleted it because I realized I misunderstood your Doctrine
Beta 3 release notes from 2010 to be Doctrine 3 Beta. Leaving it up there
served no purpose.

The new release could really use some SEO. I could not find any roadmap for
release, so the promise for a fix in v3 is not useful.

On Oct 19, 2017 8:31 AM, "Marco Pivetta" <notifications@github.com> wrote:

> @richRemer <https://github.com/richremer> you know that we still get
> email notifications, even if you delete messages, right?


@acataluddi commented on GitHub (May 29, 2018):

> This is a well known limitation documented at http://doctrine-orm.readthedocs.io/projects/doctrine-orm/en/latest/reference/limitations-and-known-issues.html#identifier-quoting-and-legacy-databases

Hi, is there any way to escape reserved words in XML metadata? Putting `` `reserved` `` works but breaks the XSD validation.

Thanks,
Adriano


@ToonSpinISAAC commented on GitHub (Sep 3, 2019):

The documentation page mentioned seems to have been moved [here](https://www.doctrine-project.org/projects/doctrine-orm/en/2.6/reference/limitations-and-known-issues.html#limitations-and-known-issues).

@GitFoxDev commented on GitHub (Apr 9, 2024):

Doctrine 3.1. The problem is relevant.

Reference: doctrine/archived-orm#5150