LOL -- João Cândido de Souza Neto
"mos" <mo...@fastmail.fm> escreveu na mensagem news:6.0.0.22.2.20110224093057.044a0...@mail.messagingengine.com... > At 05:13 AM 2/24/2011, you wrote: >>Use a quote around the column name or explicitly specify the column as >><table>.<column> (as for e.g. mytable.group) in the query. For more >>details refer to >>http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html >> >>Thanks >>Aveek > > Hmmm. Everyone has given me a great idea. I am going to change my table > names to "Table", "Group", "Having", "Select", "Into", "Order By", > "Update", "Delete" etc. just to confuse hackers so they won't be able to > launch a sql injection attack against my website. The naming convention > will drive them crazy. > > Mike > (Just kidding) > > > >>On Feb 24, 2011, at 4:36 PM, Dave M G wrote: >> >> > MySQL users, >> > >> > Simple question: >> > >> > In one table in my database, the column was named "group". >> > >> > I kept getting failed query errors until I renamed the column. >> > >> > I've never before encountered a situation where MySQL mistook a column >> > name for part of the query syntax. >> > >> > Should I never use the word "group" for column names? Seems a little >> > silly. Is there a way to protect column names to that there is no >> confusion? >> > >> > -- >> > Dave M G >> > >> > -- >> > MySQL General Mailing List >> > For list archives: http://lists.mysql.com/mysql >> > To unsubscribe: >> > http://lists.mysql.com/mysql?unsub=ave...@yahoo-inc.com >> > > -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/mysql?unsub=arch...@jab.org
