Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
From case #314126: i18nstrings failure on PostgreSQL I learned that PostgreSQL have some system columns that are blocked. See http://www.postgresql.org/docs/8.3/static/ddl-system-columns.html for more information. I think we should check for oid, tableoid, xmin, cmin, xmax, cmax and ctid and throw an error if used in CREATE TABLE statements. I'm not sure if it's allowed to use this columns in select/update/insert.
Such a check seems missing as it wasn't reported when I used coder on the i18n modules.
Comments
Comment #1
stella CreditAttribution: stella commentedWell in Drupal 6, there was the introduction of the Schema API which means no module should be using a CREATE TABLE sql queries. So I'm unsure if coder of the schema api should be checking for usage of the reserved column names.
Comment #2
hass CreditAttribution: hass commentedOk, new topic. Schema should be validated for invalid and/or reserved column names.
I'm not sure if mysql also have such reserved columns... if so, also check for them.
Comment #3
hass CreditAttribution: hass commentedAny news?
Comment #4
klausiCoder for Drupal 6 is now frozen and only security fixes will be applied. Feel free to update this issue and reopen against 7.x-2.x or 8.x-2.x.
Comment #5
hass CreditAttribution: hass commentedComment #6
pfrenssenThis seems to be very outdated, using raw queries is strongly discouraged since the database abstraction layer was introduced in Drupal 7. In any case it is not within the scope of Coder Sniffer to check for invalid column names when creating database tables for specific engines. We are solely concerned with coding standards. It would be better to address these in the postgres component of the database layer.
Comment #7
hass CreditAttribution: hass commentedThis is not a problem of raw querys only. Many if not most developers are not aware of reserved column names. "current" is also such a reserved name in mssql. It was used by fault on workbench module.
It can easily happen that reserved names go into core without getting noticed. Coder does complain about invalid code style, but also about well known other code type issues as I know.
We should really add this. Nodody can know everything of every type of database he may not use. Such issuescan cause serious bugs and we should prevent this. I think there is no better place than coder to do this checks.
Comment #8
pfrenssenI'm not a Postgres expert but if this is so important doesn't it make more sense to you to add checks for these reserved column names to
\Drupal\Core\Database\Driver\pgsql\Schema::createTable()
?If an exception would be thrown there then it will simply be impossible for anyone to ever create a table with reserved column names, that's a lot more reliable than hoping that someone will do a coding standards check with the CoderSniffer ruleset before deploying to production.
It's also a lot easier to implement it in the database layer than in Coder. We just do static source code analysis, the code is not actually being executed. Because the database layer is abstracted it is impossible for us to determine which database engine is being used when we encounter calls to
db_create_table()
orSchemaInterface::createTable()
.Comment #9
hass CreditAttribution: hass commentedWell, maybe a good idea. Than this needs to go into Core?
Comment #10
hass CreditAttribution: hass commentedThis should go into https://api.drupal.org/api/drupal/core%21lib%21Drupal%21Core%21Extension... and we can block the module enable process if the schema contains disallowed system columns.