Add support for MySQL backticks

This commit makes sure that content within backticks are skipped when parsing a SQL statement using NamedParameterUtils. This harmonizes the current behavior of ignoring special characters that are wrapped in backticks. Closes gh-31944
2024-01-05 10:25:56 +01:00 · 2024-01-05 10:25:56 +01:00 · 2fc8b13dd5
parent e73bbd4ad3
commit 2fc8b13dd5
2 changed files with 22 additions and 23 deletions
--- a/spring-jdbc/src/main/java/org/springframework/jdbc/core/namedparam/NamedParameterUtils.java
+++ b/spring-jdbc/src/main/java/org/springframework/jdbc/core/namedparam/NamedParameterUtils.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -44,12 +44,12 @@ public abstract class NamedParameterUtils {
 	/**
 	 * Set of characters that qualify as comment or quotes starting characters.
 	 */
-	private static final String[] START_SKIP = new String[] {"'", "\"", "--", "/*"};
+	private static final String[] START_SKIP = new String[] {"'", "\"", "--", "/*", "`"};

 	/**
 	 * Set of characters that at are the corresponding comment or quotes ending characters.
 	 */
-	private static final String[] STOP_SKIP = new String[] {"'", "\"", "\n", "*/"};
+	private static final String[] STOP_SKIP = new String[] {"'", "\"", "\n", "*/", "`"};

 	/**
 	 * Set of characters that qualify as parameter separators,
--- a/spring-jdbc/src/test/java/org/springframework/jdbc/core/namedparam/NamedParameterUtilsTests.java
+++ b/spring-jdbc/src/test/java/org/springframework/jdbc/core/namedparam/NamedParameterUtilsTests.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -21,6 +21,8 @@ import java.util.HashMap;
 import java.util.Map;

 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;

 import org.springframework.dao.InvalidDataAccessApiUsageException;
 import org.springframework.jdbc.core.SqlParameterValue;
@ -285,25 +287,14 @@ class NamedParameterUtilsTests {
 		assertThat(newSql).isEqualTo(expectedSql);
 	}

-	@Test  // SPR-8280
-	public void parseSqlStatementWithQuotedSingleQuote() {
-		String sql = "SELECT ':foo'':doo', :xxx FROM DUAL";
-		ParsedSql parsedSql = NamedParameterUtils.parseSqlStatement(sql);
-		assertThat(parsedSql.getTotalParameterCount()).isEqualTo(1);
-		assertThat(parsedSql.getParameterNames()).containsExactly("xxx");
-	}
-
-	@Test
-	void parseSqlStatementWithQuotesAndCommentBefore() {
-		String sql = "SELECT /*:doo*/':foo', :xxx FROM DUAL";
-		ParsedSql parsedSql = NamedParameterUtils.parseSqlStatement(sql);
-		assertThat(parsedSql.getTotalParameterCount()).isEqualTo(1);
-		assertThat(parsedSql.getParameterNames()).containsExactly("xxx");
-	}
-
-	@Test
-	void parseSqlStatementWithQuotesAndCommentAfter() {
-		String sql = "SELECT ':foo'/*:doo*/, :xxx FROM DUAL";
+	@ParameterizedTest // SPR-8280 and others
+	@ValueSource(strings = {
+			"SELECT ':foo'':doo', :xxx FROM DUAL",
+			"SELECT /*:doo*/':foo', :xxx FROM DUAL",
+			"SELECT ':foo'/*:doo*/, :xxx FROM DUAL",
+			"SELECT \":foo\"\":doo\", :xxx FROM DUAL",
+			"SELECT `:foo``:doo`, :xxx FROM DUAL",})
+	void parseSqlStatementWithParametersInsideQuote(String sql) {
 		ParsedSql parsedSql = NamedParameterUtils.parseSqlStatement(sql);
 		assertThat(parsedSql.getTotalParameterCount()).isEqualTo(1);
 		assertThat(parsedSql.getParameterNames()).containsExactly("xxx");
@ -361,6 +352,14 @@ class NamedParameterUtilsTests {
 		assertThat(sqlToUse).isEqualTo("insert into foos (id) values (?)");
 	}

+	@Test // gh-31944
+	void parseSqlStatementWithBackticks() {
+		String sql = "select * from `tb&user` where id = :id";
+		ParsedSql parsedSql = NamedParameterUtils.parseSqlStatement(sql);
+		assertThat(parsedSql.getParameterNames()).containsExactly("id");
+		assertThat(substituteNamedParameters(parsedSql)).isEqualTo("select * from `tb&user` where id = ?");
+	}
+
 	private static String substituteNamedParameters(ParsedSql parsedSql) {
 		return NamedParameterUtils.substituteNamedParameters(parsedSql, null);
 	}