root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

SPR-7476 Improving named parameter parsing skipping escaped colons like '\:' and allowing for delimiting parameter names with curly brackets like :{p1}

This commit is contained in:
Thomas Risberg 2011-10-08 12:10:56 +00:00
parent 4f5248bb5c
commit 933e22320d
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
org.springframework.jdbc/src/main/java/org/springframework/jdbc/core/namedparam/NamedParameterUtils.java
View File

@ -105,6 +105,12 @@ public abstract class NamedParameterUtils {
// :{x} style parameter // :{x} style parameter
while (j < statement.length && !('}' == statement[j])) { while (j < statement.length && !('}' == statement[j])) {
j++; j++;
if (':' == statement[j] || '{' == statement[j] || isParameterSeparator(statement[j])) {
throw new InvalidDataAccessApiUsageException("Parameter name contains invalid character '" + statement[j] + "' at position " + i + " in statement " + sql);
}
}
if (j >= statement.length) {
throw new InvalidDataAccessApiUsageException("Non-terminated named parameter declaration at position " + i + " in statement " + sql);
} }
if (j - i > 3) { if (j - i > 3) {
parameter = sql.substring(i + 2, j); parameter = sql.substring(i + 2, j);

4
org.springframework.jdbc/src/test/java/org/springframework/jdbc/core/namedparam/NamedParameterUtilsTests.java
View File

@ -194,6 +194,8 @@ public class NamedParameterUtilsTests {
ParsedSql parsedSql = NamedParameterUtils.parseSqlStatement(sql); ParsedSql parsedSql = NamedParameterUtils.parseSqlStatement(sql);
assertEquals(2, parsedSql.getParameterNames().size()); assertEquals(2, parsedSql.getParameterNames().size());
assertEquals("p1", parsedSql.getParameterNames().get(0));
assertEquals("p2", parsedSql.getParameterNames().get(1));
String finalSql = NamedParameterUtils.substituteNamedParameters(parsedSql, null); String finalSql = NamedParameterUtils.substituteNamedParameters(parsedSql, null);
assertEquals(expectedSql, finalSql); assertEquals(expectedSql, finalSql);
} }
@ -208,6 +210,8 @@ public class NamedParameterUtilsTests {
ParsedSql parsedSql = NamedParameterUtils.parseSqlStatement(sql); ParsedSql parsedSql = NamedParameterUtils.parseSqlStatement(sql);
assertEquals(2, parsedSql.getParameterNames().size()); assertEquals(2, parsedSql.getParameterNames().size());
assertEquals("p1", parsedSql.getParameterNames().get(0));
assertEquals("p2", parsedSql.getParameterNames().get(1));
String finalSql = NamedParameterUtils.substituteNamedParameters(parsedSql, null); String finalSql = NamedParameterUtils.substituteNamedParameters(parsedSql, null);
assertEquals(expectedSql, finalSql); assertEquals(expectedSql, finalSql);
} }