From 5b65fca36c5c217940cb28cd59c6153b4f1c51c3 Mon Sep 17 00:00:00 2001 From: plegall Date: Fri, 30 Aug 2019 12:11:47 +0200 Subject: [PATCH] fixes #1068 escape the `rank` new MySQL 8 reserved word This time, we do it right before sending the query to MySQL, in the pwg_query function. This is not optimal, because we add extra processing, useless most of the time. This solution has less impact on code, and automatically work for all core and plugins SQL queries. --- include/dblayer/functions_mysqli.inc.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/include/dblayer/functions_mysqli.inc.php b/include/dblayer/functions_mysqli.inc.php index 6f8c6d683..ed2e8d738 100644 --- a/include/dblayer/functions_mysqli.inc.php +++ b/include/dblayer/functions_mysqli.inc.php @@ -128,6 +128,15 @@ function pwg_query($query) { global $mysqli, $conf, $page, $debug, $t2; + // starting with MySQL 8, rank becomes a reserved keyword, we need to escape it + if (preg_match('/\brank\b/', $query)) + { + // first we unescape what's already escaped (to avoid double escaping) + $query = preg_replace('/`rank`/', 'rank', $query); + // then we escape the keyword + $query = preg_replace('/\brank\b/', '`rank`', $query); + } + $start = microtime(true); ($result = $mysqli->query($query)) or my_error($query, $conf['die_on_sql_error']);