Re: [PR] [minor] Fix potential sql connection statement issue [flink-cdc]

via GitHub Sun, 03 Aug 2025 20:02:38 -0700


yuxiqian commented on code in PR #4069:
URL: https://github.com/apache/flink-cdc/pull/4069#discussion_r2250304629



##########
flink-cdc-connect/flink-cdc-source-connectors/flink-connector-mysql-cdc/src/main/java/org/apache/flink/cdc/connectors/mysql/source/utils/StatementUtils.java:
##########
@@ -225,7 +225,7 @@ public static PreparedStatement readTableSplitDataStatement(
     }
 
     public static String quote(String dbOrTableName) {
-        return "`" + dbOrTableName + "`";
+        return "`" + dbOrTableName.replace("`", "``") + "`";

Review Comment:
   Seems reasonable. This issue, if we can't capture tables with backtick 
characters, is more like a limitation of function instead of a vulnerability 
issue.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Re: [PR] [minor] Fix potential sql connection statement issue [flink-cdc]

Reply via email to