--- loncom/interface/lonmysql.pm	2005/08/24 19:33:32	1.35
+++ loncom/interface/lonmysql.pm	2007/04/11 22:37:17	1.37
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # MySQL utility functions
 #
-# $Id: lonmysql.pm,v 1.35 2005/08/24 19:33:32 matthew Exp $
+# $Id: lonmysql.pm,v 1.37 2007/04/11 22:37:17 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -87,14 +87,15 @@ and provide a common interface.  The goa
 a complete reimplementation of the DBI interface.  Instead we try to 
 make using mysql as painless as possible.
 
-Each table has a numeric ID that is a parameter to most lonmysql functions.
-The table id is returned by &create_table.  
-If you lose the table id, it is lost forever.
-The table names in MySQL correspond to 
-$env{'user.name'}.'_'.$env{'user.domain'}.'_'.$table_id.  If the table id 
-is non-numeric, it is assumed to be the full name of a table.  If you pass
-the table id in a form, you MUST ensure that what you send to lonmysql is
-numeric, otherwise you are opening up all the tables in the MySQL database.
+Each table has a numeric ID that is a parameter to most lonmysql
+functions.  The table id is returned by &create_table.  If you lose
+the table id, it is lost forever.  The table names in MySQL correspond
+to $env{'user.name'}.'_'.$env{'user.domain'}.'_'.$table_id. (With all
+non-word characters removed form user.name and user.domain) If the
+table id is non-numeric, it is assumed to be the full name of a table.
+If you pass the table id in a form, you MUST ensure that what you send
+to lonmysql is numeric, otherwise you are opening up all the tables in
+the MySQL database.
 
 =over 4
 
@@ -824,6 +825,25 @@ sub build_table_creation_request {
 
 =pod
 
+=item &get_table_prefix()
+
+returns the cleaned version of user.name and user.domain for us in table names
+
+=cut
+
+###############################
+sub get_table_prefix {
+    my $clean_name   = $env{'user.name'};
+    my $clean_domain = $env{'user.domain'};
+    $clean_name =~ s/\W//g;
+    $clean_domain =~ s/\W//g;
+    return $clean_name.'_'.$clean_domain.'_';
+}
+
+###############################
+
+=pod
+
 =item &get_new_table_id()
 
 Used internally to prevent table name collisions.
@@ -834,8 +854,9 @@ Used internally to prevent table name co
 sub get_new_table_id {
     my $newid = 0;
     my @tables = &tables_in_db();
+    my $prefix = &get_table_prefix();
     foreach (@tables) {
-        if (/^$env{'user.name'}_$env{'user.domain'}_(\d+)$/) {
+        if (/^\Q$prefix\E(\d+)$/) {
             $newid = $1 if ($1 > $newid);
         }
     }
@@ -1114,7 +1135,7 @@ sub translate_id {
     # id should be a digit.  If it is not a digit we assume the given id
     # is complete and does not need to be translated.
     return $id if ($id =~ /\D/);  
-    return $env{'user.name'}.'_'.$env{'user.domain'}.'_'.$id;
+    return &get_table_prefix().$id;
 }
 
 ###########################################