From 338198dc839c9526f1d4d9758c43da9e34c6d9ce Mon Sep 17 00:00:00 2001
From: Marc Delisle <marc@infomarc.info>
Date: Thu, 6 Feb 2003 17:49:29 +0000
Subject: [PATCH] should backquote the field named comment

---
 ChangeLog                    | 3 +++
 Documentation.html           | 2 +-
 db_details_importdocsql.php3 | 2 +-
 libraries/relation.lib.php3  | 2 +-
 tbl_relation.php3            | 6 +++---
 5 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 99058e340..7d9546e4c 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,9 @@ $Source$
 
 2003-02-06 Marc Delisle  <lem9@users.sourceforge.net>
     * libraries/sqlparser.lib.php3: PHP3 parse error
+    * Documentation.html, db_details_importdocsql.php3, tbl_relation.php3,
+      libraries/relation.lib.php3: bug 681298, we should always backquote
+      a restricted word like "comment" when used as an identifier
 
 2003-02-05 Alexander M. Turek  <rabus@users.sourceforge.net>
     * db_details.php3, tbl_query_box.php3: Disabled the autoselect feature of
diff --git a/Documentation.html b/Documentation.html
index 3465a01d3..2062854ed 100755
--- a/Documentation.html
+++ b/Documentation.html
@@ -769,7 +769,7 @@ $cfg['PmaAbsoluteUri'] = (!empty($_SERVER['HTTPS']) ? 'https' : 'http') . '://'
                 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;db_name varchar(64) NOT NULL default '',<br />
                 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;table_name varchar(64) NOT NULL default '',<br />
                 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;column_name varchar(64) NOT NULL default '',<br />
-                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;comment varchar(255) NOT NULL default '',<br />
+                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`comment` varchar(255) NOT NULL default '',<br />
                 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;PRIMARY KEY (id),<br />
                 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;UNIQUE KEY db_name (db_name, table_name, column_name)<br />
                 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;) TYPE=MyISAM COMMENT='Comments for Columns';<br />
diff --git a/db_details_importdocsql.php3 b/db_details_importdocsql.php3
index 733c60f85..09e90e30a 100644
--- a/db_details_importdocsql.php3
+++ b/db_details_importdocsql.php3
@@ -49,7 +49,7 @@ if (isset($do) && $do == 'import') {
                         $inf     = explode('|',$line);
                         if (!empty($inf[1]) && strlen(trim($inf[1])) > 0) {
                             $qry = 'INSERT INTO ' . PMA_backquote($cfgRelation['column_comments'])
-                                 . ' (db_name, table_name, column_name, comment) '
+                                 . ' (db_name, table_name, column_name, ' . PMA_backquote('comment') . ') '
                                  . ' VALUES('
                                  . '\'' . PMA_sqlAddslashes($db) . '\','
                                  . '\'' . PMA_sqlAddslashes(trim($tab)) . '\','
diff --git a/libraries/relation.lib.php3 b/libraries/relation.lib.php3
index d49d2e13e..0520e3f99 100644
--- a/libraries/relation.lib.php3
+++ b/libraries/relation.lib.php3
@@ -297,7 +297,7 @@ if (!defined('PMA_RELATION_LIB_INCLUDED')){
     function PMA_getComments($db, $table) {
         global $cfgRelation;
 
-        $com_qry  = 'SELECT column_name, comment FROM ' . PMA_backquote($cfgRelation['column_comments'])
+        $com_qry  = 'SELECT column_name, ' . PMA_backquote('comment') . ' FROM ' . PMA_backquote($cfgRelation['column_comments'])
                   . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
                   . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'';
         $com_rs   = PMA_query_as_cu($com_qry);
diff --git a/tbl_relation.php3 b/tbl_relation.php3
index 441fd1666..9a56c219d 100644
--- a/tbl_relation.php3
+++ b/tbl_relation.php3
@@ -105,7 +105,7 @@ if ($cfgRelation['displaywork']
 if ($cfgRelation['commwork']
     && isset($submit_comm) && $submit_comm == 'true') {
     while (list($key, $value) = each($comment)) {
-        $test_qry  = 'SELECT comment FROM ' . PMA_backquote($cfgRelation['column_comments'])
+        $test_qry  = 'SELECT ' . PMA_backquote('comment') . ' FROM ' . PMA_backquote($cfgRelation['column_comments'])
                    . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
                    . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\''
                    . ' AND column_name = \'' . PMA_handleSlashes($key) . '\'';
@@ -113,7 +113,7 @@ if ($cfgRelation['commwork']
         if ($test_rs && mysql_num_rows($test_rs) > 0) {
             if (strlen($value) > 0) {
                 $upd_query = 'UPDATE ' . PMA_backquote($cfgRelation['column_comments'])
-                           . ' SET comment = \'' . PMA_handleSlashes($value) . '\''
+                           . ' SET ' . PMA_backquote('comment') . ' = \'' . PMA_handleSlashes($value) . '\''
                            . ' WHERE db_name  = \'' . PMA_sqlAddslashes($db) . '\''
                            . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\''
                            . ' AND column_name = \'' . PMA_handleSlashes($key) . '\'';
@@ -125,7 +125,7 @@ if ($cfgRelation['commwork']
             }
         } else if (strlen($value) > 0) {
             $upd_query = 'INSERT INTO ' . PMA_backquote($cfgRelation['column_comments'])
-                       . ' (db_name, table_name, column_name, comment) '
+                       . ' (db_name, table_name, column_name, ' . PMA_backquote('comment') . ') '
                        . ' VALUES('
                        . '\'' . PMA_sqlAddslashes($db) . '\','
                        . '\'' . PMA_sqlAddslashes($table) . '\','