Handle backticks in stored procedure names. Fixes #1029

bgrainger · bgrainger · commit 54d42378005b · 2021-09-10T21:39:18.000-07:00
- Fix bug that didn't unescape backticks when getting stored procedure information.
- Update documentation to call this out as a change from Connector/NET.
- Note a Connnector/NET bug found during testing.
diff --git a/docs/content/api/MySqlConnector/MySqlCommand/CommandText.md b/docs/content/api/MySqlConnector/MySqlCommand/CommandText.md
@@ -4,10 +4,16 @@ title: MySqlCommand.CommandText property
 
 # MySqlCommand.CommandText property
 
+Gets or sets the command text to execute.
+
 ```csharp
 public override string CommandText { get; set; }
 ```
 
+## Remarks
+
+If [`CommandType`](../CommandType/) is Text, this is one or more SQL statements to execute. If [`CommandType`](../CommandType/) is StoredProcedure, this is the name of the stored procedure; any special characters in the stored procedure name must be quoted or escaped.
+
 ## See Also
 
 * class [MySqlCommand](../../MySqlCommandType/)
diff --git a/docs/content/api/MySqlConnector/MySqlCommandType.md b/docs/content/api/MySqlConnector/MySqlCommandType.md
@@ -16,7 +16,7 @@ public sealed class MySqlCommand : DbCommand, ICloneable
 | --- | --- |
 | [MySqlCommand](../MySqlCommand/MySqlCommand/)() | Initializes a new instance of the [`MySqlCommand`](../MySqlCommandType/) class. |
 | [MySqlCommand](../MySqlCommand/MySqlCommand/)(…) | Initializes a new instance of the [`MySqlCommand`](../MySqlCommandType/) class, setting [`CommandText`](../MySqlCommand/CommandText/) to *commandText*. (4 constructors) |
-| override [CommandText](../MySqlCommand/CommandText/) { get; set; } |  |
+| override [CommandText](../MySqlCommand/CommandText/) { get; set; } | Gets or sets the command text to execute. |
 | override [CommandTimeout](../MySqlCommand/CommandTimeout/) { get; set; } |  |
 | override [CommandType](../MySqlCommand/CommandType/) { get; set; } |  |
 | [Connection](../MySqlCommand/Connection/) { get; set; } |  |
diff --git a/docs/content/tutorials/migrating-from-connector-net.md b/docs/content/tutorials/migrating-from-connector-net.md
@@ -148,6 +148,8 @@ property doesn’t reference the active transaction. This fixes <a href="https:/
 To disable this strict validation, set <code>IgnoreCommandTransaction=true</code>
 in the connection string. See [Transaction Usage](/troubleshooting/transaction-usage/) for more details.
 
+If `MySqlCommand.CommandType` is `CommandType.StoredProcedure`, the stored procedure name assigned to `MySqlCommand.CommandText` must have any special characters escaped or quoted. Connector/NET will automatically quote some characters (such as spaces); MySqlConnector leaves this up to the developer.
+
 ### MySqlDataAdapter
 
 Connector/NET provides `MySqlDataAdapter.FillAsync`, `FillSchemaAsync`, and `UpdateAsync` methods, but these methods
@@ -284,3 +286,4 @@ The following bugs in Connector/NET are fixed by switching to MySqlConnector. (~
 * [#103390](https://bugs.mysql.com/bug.php?id=103390): Can't query `CHAR(36)` column if `MySqlCommand` is prepared
 * [#103801](https://bugs.mysql.com/bug.php?id=103801): `TimeSpan` parameters lose microseconds with prepared statement
 * [#103819](https://bugs.mysql.com/bug.php?id=103819): Can't use `StringBuilder` containing non-BMP characters as `MySqlParameter.Value`
+* [#104913](https://bugs.mysql.com/bug.php?id=104913): Cannot execute stored procedure with backtick in name
diff --git a/src/MySqlConnector/Core/NormalizedSchema.cs b/src/MySqlConnector/Core/NormalizedSchema.cs
@@ -29,13 +29,13 @@ public NormalizedSchema(string name, string? defaultSchema = null)
 			if (match.Success)
 			{
 				if (match.Groups[3].Success)
-					Component = match.Groups[3].Value.Trim();
+					Component = match.Groups[3].Value.Replace("``", "`").Trim();
 				else if (match.Groups[4].Success)
 					Component = match.Groups[4].Value.Trim();
 
 				string firstGroup = "";
 				if (match.Groups[1].Success)
-					firstGroup = match.Groups[1].Value.Trim();
+					firstGroup = match.Groups[1].Value.Replace("``", "`").Trim();
 				else if (match.Groups[2].Success)
 					firstGroup = match.Groups[2].Value.Trim();
 				if (Component is null)
diff --git a/src/MySqlConnector/MySqlCommand.cs b/src/MySqlConnector/MySqlCommand.cs
@@ -173,7 +173,12 @@ private bool NeedsPrepare(out Exception? exception)
 			return Connection.Session.TryGetPreparedStatement(CommandText!) is null;
 		}
 
-		/// <inheritdoc/>
+		/// <summary>
+		/// Gets or sets the command text to execute.
+		/// </summary>
+		/// <remarks>If <see cref="CommandType"/> is <see cref="CommandType.Text"/>, this is one or more SQL statements to execute.
+		/// If <see cref="CommandType"/> is <see cref="CommandType.StoredProcedure"/>, this is the name of the stored procedure; any
+		/// special characters in the stored procedure name must be quoted or escaped.</remarks>
 		[AllowNull]
 		public override string CommandText
 		{
diff --git a/tests/MySqlConnector.Tests/NormalizeTests.cs b/tests/MySqlConnector.Tests/NormalizeTests.cs
@@ -12,11 +12,19 @@ public class NormalizeTests
 		[InlineData(" mysql . data ", "mysql", "data")]
 		[InlineData("`mysql`.data", "mysql", "data")]
 		[InlineData("mysql.`data`", "mysql", "data")]
-		[InlineData("`my``sql`.`da``ta`", "my``sql", "da``ta")]
+		[InlineData("`my``sql`.`da``ta`", "my`sql", "da`ta")]
 		[InlineData("`mysql.data`", null, "mysql.data")]
 		[InlineData("mysqldata", null, "mysqldata")]
 		[InlineData("my`sql.data", null, null)]
 		[InlineData("mysql.da`ta", null, null)]
+		[InlineData("sproc_name", null, "sproc_name")]
+		[InlineData("`sproc name`", null, "sproc name")]
+		[InlineData("db_name.sproc_name", "db_name", "sproc_name")]
+		[InlineData("`db name`.sproc_name", "db name", "sproc_name")]
+		[InlineData("db_name.`sproc name`", "db_name", "sproc name")]
+		[InlineData("`db name`.`sproc name`", "db name", "sproc name")]
+		[InlineData("`db``name`.sproc_name", "db`name", "sproc_name")]
+		[InlineData("db_name.`sproc``name`", "db_name", "sproc`name")]
 		public void NormalizeSchema(string input, string expectedSchema, string expectedComponent)
 		{
 			var normalized = new NormalizedSchema(input);
diff --git a/tests/SideBySide/StoredProcedureTests.cs b/tests/SideBySide/StoredProcedureTests.cs
@@ -787,6 +787,35 @@ public void EnumProcedure(bool prepare)
 			Assert.False(reader.Read());
 		}
 
+		[SkippableTheory(Baseline = "https://bugs.mysql.com/bug.php?id=104913")]
+		[InlineData("`a b`")]
+		[InlineData("`a.b`")]
+		[InlineData("`a``b`")]
+		[InlineData("`a b.c ``d`")]
+		public void SprocNameSpecialCharacters(string sprocName)
+		{
+			using var connection = CreateOpenConnection();
+
+			using (var command = new MySqlCommand($@"DROP PROCEDURE IF EXISTS {sprocName};
+CREATE PROCEDURE {sprocName} ()
+	BEGIN
+		SELECT 'test' AS Result;
+	END;", connection))
+			{
+				command.ExecuteNonQuery();
+			}
+
+			using (var command = new MySqlCommand(sprocName, connection))
+			{
+				command.CommandType = CommandType.StoredProcedure;
+
+				using var reader = command.ExecuteReader();
+				Assert.True(reader.Read());
+				Assert.Equal("test", reader.GetString(0));
+				Assert.False(reader.Read());
+			}
+		}
+
 		private static string NormalizeSpaces(string input)
 		{
 			input = input.Replace('\r', ' ');

Original file line number	Diff line number	Diff line change
`@@ -173,7 +173,12 @@ private bool NeedsPrepare(out Exception? exception)`
`173`	`173`	`return Connection.Session.TryGetPreparedStatement(CommandText!) is null;`
`174`	`174`	`}`
`175`	`175`
`176`		`- /// <inheritdoc/>`
	`176`	`+ /// <summary>`
	`177`	`+ /// Gets or sets the command text to execute.`
	`178`	`+ /// </summary>`
	`179`	`+ /// <remarks>If <see cref="CommandType"/> is <see cref="CommandType.Text"/>, this is one or more SQL statements to execute.`
	`180`	`+ /// If <see cref="CommandType"/> is <see cref="CommandType.StoredProcedure"/>, this is the name of the stored procedure; any`
	`181`	`+ /// special characters in the stored procedure name must be quoted or escaped.</remarks>`
`177`	`182`	`[AllowNull]`
`178`	`183`	`public override string CommandText`
`179`	`184`	`{`