[Owncloud] Commiting Oracle support tomorrow, beware of SQL without escaped identifiers

Jörn Friedrich Dreyer jfd at owncloud.com
Fri Aug 24 17:31:42 UTC 2012


I am currently merging master into my personal stable4-oracle branch and
will commit oracle support tomorrow. This will allow us to give the
implementation a lot of testing before owncloud customers will be using
it in production.

On the bad side I had to make changes to ALL SQL statements.
On the good side the changes are consistent and leave no room for
exceptions:
1. Escape every identifier with backticks ('SELECT user' ... becomes
'SELECT `user`)
2. Move LIMIT & OFFSET SQL to a parameter for OC_DB::prepare()
3. Disable using PDO for oracle.

Why:
1. In contrast to mysql, postgrasql and sqlite oracle uppercases
unescaped identifiers. This leads to a ton of nameclashes with 'user',
'uid', 'gid' and others, so escaping them is the right way.
2. oracle does not know limit and offset, which is why mdb2 also
provides limit and offset parameters to add the necessary SQL or a
workaround for oracle.
3. PDO for oracle is unstable and in general a PITA to set up.

If you want to help testing with oracle suport, there is an express
version free of charge limited to 18GB of data and one CPU:
http://www.oracle.com/technetwork/products/express-edition/downloads/index.html

+1 for introducing doctrine

so long

Jörn

-- 
Jörn Friedrich Dreyer (jfd at owncloud.com)
Software Developer
ownCloud GmbH

Your Data, Your Cloud, Your Way!

ownCloud GmbH, GF: Markus Rex, Holger Dyroff
Schloßäckerstrasse 26a, 90443 Nürnberg, HRB 28050 (AG Nürnberg)



More information about the Owncloud mailing list