On Fri, Apr 5, 2013 at 8:01 PM, Marc Delisle <marc@infomarc.info> wrote:
Kasun Chathuranga a écrit :
> Hi all,
>
> I'm trying to fix bug #3865[1] and I have some queries regarding the
> expected behavior that I'd like to get clarified.

Hi,
I have not yet tried to reproduce this bug, have you?

Yes, I was able to reproduce the bug.

>
> MySQL LIKE clause takes a regular expression as its argument[2].

Not exactly; it takes a "SQL simple regular expression" which is not the
same as a regular expression.
 
Thanks for the clarification.


 > In the
> table search interface phpMyAdmin facilitate querying a field with a LIKE
> clause by letting the user select the option from a drop down.
>
> So I'd like to know whether phpMyAdmin should consider the text entered by
> the user to be a regular expression (and pass it as it is) or consider it
> to be the text to match (and do the necessary escaping)?
>
> If we are to escape the user entered text following are some of the
> replacements that should be done
> % => \%
> _ => \_
> \ => \\ (at the end of the text) or \\\\ (any where else in the text)
> \n => \\n
>
> If we escape the user entered text, user cannot query with MySQL wildcards
> % and _, limiting the full power of MySQL pattern matching.

Users expect to be able to enter MySQL wildcards, so this behavior must
be maintained.

There is an optional boolean parameter named $is_like in the PMA_Util::sqlAddSlashes() method to indicate whether the slash added text is used inside a LIKE clause; just that it has not been used in this case. I will fix this and submit a pull request.

--
Regards
Kasun Chathuranga