From 0f67501da3f31046f1dab4f3f39e5eeda39e2ac7 Mon Sep 17 00:00:00 2001 From: Andrey Pyzhikov <5071@mail.ru> Date: Fri, 21 Jan 2022 05:21:40 +0800 Subject: [PATCH 1/2] Added alias escaping in subquery --- system/Database/BaseBuilder.php | 3 ++- tests/system/Database/Builder/FromTest.php | 8 ++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/system/Database/BaseBuilder.php b/system/Database/BaseBuilder.php index 8bbaf764dcf1..a3fc6c7563d3 100644 --- a/system/Database/BaseBuilder.php +++ b/system/Database/BaseBuilder.php @@ -2767,9 +2767,10 @@ protected function buildSubquery($builder, bool $wrapped = false, string $alias if ($wrapped) { $subquery = '(' . $subquery . ')'; + $alias = trim($alias); if ($alias !== '') { - $subquery .= " AS {$alias}"; + $subquery .= ' AS ' . ($this->db->protectIdentifiers ? $this->db->escapeIdentifiers($alias) : $alias); } } diff --git a/tests/system/Database/Builder/FromTest.php b/tests/system/Database/Builder/FromTest.php index fee171e9ca42..b0e3ee335035 100644 --- a/tests/system/Database/Builder/FromTest.php +++ b/tests/system/Database/Builder/FromTest.php @@ -103,19 +103,19 @@ public function testFromReset() public function testFromSubquery() { - $expectedSQL = 'SELECT * FROM (SELECT * FROM "users") AS alias'; + $expectedSQL = 'SELECT * FROM (SELECT * FROM "users") AS "alias"'; $subquery = new BaseBuilder('users', $this->db); $builder = $this->db->newQuery()->fromSubquery($subquery, 'alias'); $this->assertSame($expectedSQL, str_replace("\n", ' ', $builder->getCompiledSelect())); - $expectedSQL = 'SELECT * FROM (SELECT "id", "name" FROM "users") AS users_1'; + $expectedSQL = 'SELECT * FROM (SELECT "id", "name" FROM "users") AS "users_1"'; $subquery = (new BaseBuilder('users', $this->db))->select('id, name'); $builder = $this->db->newQuery()->fromSubquery($subquery, 'users_1'); $this->assertSame($expectedSQL, str_replace("\n", ' ', $builder->getCompiledSelect())); - $expectedSQL = 'SELECT * FROM (SELECT * FROM "users") AS alias, "some_table"'; + $expectedSQL = 'SELECT * FROM (SELECT * FROM "users") AS "alias", "some_table"'; $subquery = new BaseBuilder('users', $this->db); $builder = $this->db->newQuery()->fromSubquery($subquery, 'alias')->from('some_table'); @@ -145,7 +145,7 @@ public function testFromSubqueryWithSQLSRV() $builder->fromSubquery($subquery, 'users_1'); - $expectedSQL = 'SELECT * FROM "test"."dbo"."jobs", (SELECT * FROM "test"."dbo"."users") AS users_1'; + $expectedSQL = 'SELECT * FROM "test"."dbo"."jobs", (SELECT * FROM "test"."dbo"."users") AS "users_1"'; $this->assertSame($expectedSQL, str_replace("\n", ' ', $builder->getCompiledSelect())); } From d8406d98edd1d60229c916519d8e76aaaa16d756 Mon Sep 17 00:00:00 2001 From: Andrey Pyzhikov <5071@mail.ru> Date: Sat, 22 Jan 2022 09:17:54 +0800 Subject: [PATCH 2/2] Fix: Escaping subquery alias docs Signed-off-by: Andrey Pyzhikov <5071@mail.ru> --- user_guide_src/source/database/query_builder.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user_guide_src/source/database/query_builder.rst b/user_guide_src/source/database/query_builder.rst index 84d70732488a..d21896e3c251 100755 --- a/user_guide_src/source/database/query_builder.rst +++ b/user_guide_src/source/database/query_builder.rst @@ -234,7 +234,7 @@ This is where we add a subquery to an existing table.:: $builder = $db->table('jobs')->fromSubquery($subquery, 'alias'); $query = $builder->get(); - // Produces: SELECT * FROM `jobs`, (SELECT * FROM `users`) AS alias + // Produces: SELECT * FROM `jobs`, (SELECT * FROM `users`) AS `alias` Use the ``$db->newQuery()`` method to make a subquery the main table.:: @@ -242,7 +242,7 @@ Use the ``$db->newQuery()`` method to make a subquery the main table.:: $builder = $db->newQuery()->fromSubquery($subquery, 't'); $query = $builder->get(); - // Produces: SELECT * FROM (SELECT `id`, `name` FROM users) AS t + // Produces: SELECT * FROM (SELECT `id`, `name` FROM users) AS `t` Join ====