github/jooq
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[#3297] Bind variables are erroneously inlined into quoted identifiers, if identifiers contain question marks

Browse Source
This commit is contained in:
Lukas Eder 2014-06-02 10:40:10 +02:00
parent 6b11b93ba4
commit f3e1dee970
4 changed files with 228 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
jOOQ/src/main/java/org/jooq/impl/DefaultRenderContext.java
View File

@ -49,6 +49,10 @@ import static org.jooq.conf.ParamType.NAMED;
import static org.jooq.conf.RenderNameStyle.LOWER;
import static org.jooq.conf.RenderNameStyle.QUOTED;
import static org.jooq.conf.RenderNameStyle.UPPER;
import static org.jooq.impl.Identifiers.QUOTES;
import static org.jooq.impl.Identifiers.QUOTE_END_DELIMITER;
import static org.jooq.impl.Identifiers.QUOTE_END_DELIMITER_ESCAPED;
import static org.jooq.impl.Identifiers.QUOTE_START_DELIMITER;
import static org.jooq.impl.Utils.DATA_COUNT_BIND_VALUES;
import java.util.Arrays;
@ -365,41 +369,11 @@ class DefaultRenderContext extends AbstractContext<RenderContext> implements Ren
sql(literal);
}
else {
switch (family) {
String[][] quotes = QUOTES.get(family);
// MySQL supports backticks and double quotes
case MARIADB:
case MYSQL:
sql("`").sql(StringUtils.replace(literal, "`", "``")).sql("`");
break;
/* [pro] xx
xx xxxxx xxxxxxxxx xxx xxxxxxxx
xxxx xxxxxxx
xxxx xxxx
xxxx xxxxxxxxxx
xxxx xxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxx xxxxxxxxxxxxxxxx
xxxxxx
xx [/pro] */
// Most dialects implement the SQL standard, using double quotes
/* [pro] xx
xxxx xxxx
xxxx xxxxxxx
xxxx xxxxxxx
xx [/pro] */
case CUBRID:
case DERBY:
case FIREBIRD:
case H2:
case HSQLDB:
case POSTGRES:
case SQLITE:
default:
sql('"').sql(StringUtils.replace(literal, "\"", "\"\"")).sql('"');
break;
}
sql(quotes[QUOTE_START_DELIMITER][0]);
sql(StringUtils.replace(literal, quotes[QUOTE_END_DELIMITER][0], quotes[QUOTE_END_DELIMITER_ESCAPED][0]));
sql(quotes[QUOTE_END_DELIMITER][0]);
}
return this;

124
jOOQ/src/main/java/org/jooq/impl/Identifiers.java Normal file
View File

@ -0,0 +1,124 @@
/**
* Copyright (c) 2009-2014, Data Geekery GmbH (http://www.datageekery.com)
* All rights reserved.
*
* This work is dual-licensed
* - under the Apache Software License 2.0 (the "ASL")
* - under the jOOQ License and Maintenance Agreement (the "jOOQ License")
* =============================================================================
* You may choose which license applies to you:
*
* - If you're using this work with Open Source databases, you may choose
* either ASL or jOOQ License.
* - If you're using this work with at least one commercial database, you must
* choose jOOQ License
*
* For more information, please visit http://www.jooq.org/licenses
*
* Apache Software License 2.0:
* -----------------------------------------------------------------------------
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* jOOQ License and Maintenance Agreement:
* -----------------------------------------------------------------------------
* Data Geekery grants the Customer the non-exclusive, timely limited and
* non-transferable license to install and use the Software under the terms of
* the jOOQ License and Maintenance Agreement.
*
* This library is distributed with a LIMITED WARRANTY. See the jOOQ License
* and Maintenance Agreement for more details: http://www.jooq.org/licensing
*/
package org.jooq.impl;
import java.util.EnumMap;
import org.jooq.SQLDialect;
/**
* An internal utility class for SQL identifiers.
*
* @author Lukas Eder
*/
class Identifiers {
/**
* The structure is:
* <p>
* <pre>
* SQLDialect -> {
* { main start delimiter, alternative start delimiter, ... },
* { main end delimiter, alternative end delimiter, ... },
* { main escaped end delimiter, alternative escaped end delimiter, ... },
* ...
* }
* </pre>
*/
static final EnumMap<SQLDialect, String[][]> QUOTES;
static final int QUOTE_START_DELIMITER = 0;
static final int QUOTE_END_DELIMITER = 1;
static final int QUOTE_END_DELIMITER_ESCAPED = 2;
static {
QUOTES = new EnumMap<SQLDialect, String[][]>(SQLDialect.class);
for (SQLDialect family : SQLDialect.families()) {
switch (family) {
// MySQL supports backticks and double quotes
case MARIADB:
case MYSQL:
QUOTES.put(family, new String[][] {
{ "`" , "\""},
{ "`" , "\""},
{ "``", "\"\"" }
});
break;
/* [pro] xx
xx xxxxx xxxxxxxxx xxx xxxxxxxx
xxxx xxxxxxx
xxxx xxxx
xxxx xxxxxxxxxx
xxxx xxxxxxx
xxxxxxxxxxxxxxxxxx xxx xxxxxxxxxx x
x xxx xx
x xxx xx
x xxxx x
xxx
xxxxxx
xx [/pro] */
// Most dialects implement the SQL standard, using double quotes
/* [pro] xx
xxxx xxxx
xxxx xxxxxxx
xxxx xxxxxxx
xx [/pro] */
case CUBRID:
case DERBY:
case FIREBIRD:
case H2:
case HSQLDB:
case POSTGRES:
case SQLITE:
default:
QUOTES.put(family, new String[][] {
{ "\""},
{ "\""},
{ "\"\"" }
});
break;
}
}
}
}

67
jOOQ/src/main/java/org/jooq/impl/Utils.java
View File

@ -55,6 +55,10 @@ import static org.jooq.impl.DSL.getDataType;
import static org.jooq.impl.DSL.nullSafe;
import static org.jooq.impl.DSL.val;
import static org.jooq.impl.DefaultExecuteContext.localConnection;
import static org.jooq.impl.Identifiers.QUOTES;
import static org.jooq.impl.Identifiers.QUOTE_END_DELIMITER;
import static org.jooq.impl.Identifiers.QUOTE_END_DELIMITER_ESCAPED;
import static org.jooq.impl.Identifiers.QUOTE_START_DELIMITER;
import static org.jooq.tools.jdbc.JDBCUtils.safeFree;
import static org.jooq.tools.jdbc.JDBCUtils.wasNull;
import static org.jooq.tools.reflect.Reflect.accessible;
@ -1030,6 +1034,10 @@ final class Utils {
// [#1593] Create a dummy renderer if we're in bind mode
if (render == null) render = new DefaultRenderContext(bind.configuration());
SQLDialect dialect = render.configuration().dialect();
SQLDialect family = dialect.family();
String[][] quotes = QUOTES.get(family);
for (int i = 0; i < sqlChars.length; i++) {
// [#1797] Skip content inside of single-line comments, e.g.
@ -1087,6 +1095,50 @@ final class Utils {
render.sql(sqlChars[i]);
}
// [#3297] Skip ? inside of quoted identifiers, e.g.
// update x set v = "Column Name with a ? (question mark)"
else if (peekAny(sqlChars, i, quotes[QUOTE_START_DELIMITER])) {
// Main identifier delimiter or alternative one?
int delimiter = 0;
for (int d = 0; d < quotes[QUOTE_START_DELIMITER].length; d++) {
if (peek(sqlChars, i, quotes[QUOTE_START_DELIMITER][d])) {
delimiter = d;
break;
}
}
// Consume the initial identifier delimiter
for (int d = 0; d < quotes[QUOTE_START_DELIMITER][delimiter].length(); d++)
render.sql(sqlChars[i++]);
// Consume the whole identifier
for (;;) {
// Consume an escaped quote
if (peek(sqlChars, i, quotes[QUOTE_END_DELIMITER_ESCAPED][delimiter])) {
for (int d = 0; d < quotes[QUOTE_END_DELIMITER_ESCAPED][delimiter].length(); d++)
render.sql(sqlChars[i++]);
}
// Break on the terminal identifier delimiter
else if (peek(sqlChars, i, quotes[QUOTE_END_DELIMITER][delimiter])) {
break;
}
// Consume identifier content
render.sql(sqlChars[i++]);
}
// Consume the terminal identifier delimiter
for (int d = 0; d < quotes[QUOTE_END_DELIMITER][delimiter].length(); d++) {
if (d > 0)
i++;
render.sql(sqlChars[i]);
}
}
// Inline bind variables only outside of string literals
else if (sqlChars[i] == '?' && substituteIndex < substitutes.size()) {
QueryPart substitute = substitutes.get(substituteIndex++);
@ -1165,6 +1217,21 @@ final class Utils {
return true;
}
/**
* Peek for several strings at a given <code>index</code> of a <code>char[]</code>
*
* @param sqlChars The char array to peek into
* @param index The index within the char array to peek for a string
* @param peek The strings to peek for
*/
static final boolean peekAny(char[] sqlChars, int index, String[] peekAny) {
for (String peek : peekAny)
if (peek(sqlChars, index, peek))
return true;
return false;
}
/**
* Create {@link QueryPart} objects from bind values or substitutes
*/

29
jOOQ/src/test/java/org/jooq/test/PlainSQLTest.java
View File

@ -40,11 +40,13 @@
*/
package org.jooq.test;
import static org.jooq.SQLDialect.POSTGRES;
import static org.jooq.impl.DSL.condition;
import static org.jooq.impl.DSL.val;
import org.jooq.Condition;
import org.jooq.QueryPart;
import org.jooq.impl.DSL;
import org.junit.Test;
@ -66,6 +68,33 @@ public class PlainSQLTest extends AbstractTest {
assertEquals("((a = :1 and b = :2) and (a = :3 and b = :4))", create.renderNamedParams(q.and(q)));
}
@Test
public void testStringLiterals() {
Condition q = condition("a = '?' and b = '{0}' and c = ?", 1);
assertEquals("(a = '?' and b = '{0}' and c = ?)", create.render(q));
assertEquals("(a = '?' and b = '{0}' and c = 1)", create.renderInlined(q));
assertEquals("(a = '?' and b = '{0}' and c = :1)", create.renderNamedParams(q));
}
@Test
public void testQuotedIdentifiers() {
Condition c1 = condition("a = `?` and b = `{0}` and c = ?", 1);
Condition c2 = condition("a = \"?\" and b = \"{0}\" and c = ?", 1);
assertEquals("(a = `?` and b = `{0}` and c = ?)", create.render(c1));
assertEquals("(a = `?` and b = `{0}` and c = 1)", create.renderInlined(c1));
assertEquals("(a = `?` and b = `{0}` and c = :1)", create.renderNamedParams(c1));
assertEquals("(a = \"?\" and b = \"{0}\" and c = ?)", create.render(c2));
assertEquals("(a = \"?\" and b = \"{0}\" and c = 1)", create.renderInlined(c2));
assertEquals("(a = \"?\" and b = \"{0}\" and c = :1)", create.renderNamedParams(c2));
assertEquals("(a = \"?\" and b = \"{0}\" and c = ?)", DSL.using(POSTGRES).render(c2));
assertEquals("(a = \"?\" and b = \"{0}\" and c = 1)", DSL.using(POSTGRES).renderInlined(c2));
assertEquals("(a = \"?\" and b = \"{0}\" and c = :1)", DSL.using(POSTGRES).renderNamedParams(c2));
}
@Test
public void testIndexedParameters() {
QueryPart q = condition("a = ? and b = ? and ? = ?", 1, 2, "a", "b");