root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions 8 Packages Projects Releases Wiki Activity

Fix single quote parsing in NamedParameterUtils 

Prior to this change, single quotes were incorrectly parsed by
NamedParameterUtils#parseSqlStatement, resulting in incorrect parameter
counts:

    ParsedSql sql = NamedParameterUtils
            .parseSqlStatement("SELECT 'foo''bar', :xxx FROM DUAL");
    assert sql.getTotalParameterCount() == 0 // incorrect, misses :xxx

That is, presence of the single-quoted string caused the parser to
overlook the named parameter :xxx.

This commit fixes the parsing error such that:

    ParsedSql sql = NamedParameterUtils
            .parseSqlStatement("SELECT 'foo''bar', :xxx FROM DUAL");
    assert sql.getTotalParameterCount() == 1 // correct

Issue: SPR-8280
This commit is contained in:
Thomas Risberg 2012-02-06 00:02:01 -05:00 committed by Chris Beams
parent ff84419f4d
commit 9fb6e2313c
2 changed files with 38 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
org.springframework.jdbc/src/main/java/org/springframework/jdbc/core/namedparam/NamedParameterUtils.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2011 the original author or authors. * Copyright 2002-2012 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -85,12 +85,18 @@ public abstract class NamedParameterUtils {
int escapes = 0; int escapes = 0;
int i = 0; int i = 0;
while (i < statement.length) { while (i < statement.length) {
int skipToPosition = skipCommentsAndQuotes(statement, i); int skipToPosition = i;
if (i != skipToPosition) { while (i < statement.length) {
if (skipToPosition >= statement.length) { skipToPosition = skipCommentsAndQuotes(statement, i);
if (i == skipToPosition) {
break; break;
} }
i = skipToPosition; else {
i = skipToPosition;
}
}
if (i >= statement.length) {
break;
} }
char c = statement[i]; char c = statement[i];
if (c == ':' || c == '&') { if (c == ':' || c == '&') {

28
org.springframework.jdbc/src/test/java/org/springframework/jdbc/core/namedparam/NamedParameterUtilsTests.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2011 the original author or authors. * Copyright 2002-2012 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -268,4 +268,30 @@ public class NamedParameterUtilsTests {
assertEquals(expectedSql, newSql); assertEquals(expectedSql, newSql);
} }
/*
* SPR-8280
*/
@Test
public void parseSqlStatementWithQuotedSingleQuote() {
String sql = "SELECT ':foo'':doo', :xxx FROM DUAL";
ParsedSql psql = NamedParameterUtils.parseSqlStatement(sql);
assertEquals(1, psql.getTotalParameterCount());
assertEquals("xxx", psql.getParameterNames().get(0));
}
@Test
public void parseSqlStatementWithQuotesAndCommentBefore() {
String sql = "SELECT /*:doo*/':foo', :xxx FROM DUAL";
ParsedSql psql = NamedParameterUtils.parseSqlStatement(sql);
assertEquals(1, psql.getTotalParameterCount());
assertEquals("xxx", psql.getParameterNames().get(0));
}
@Test
public void parseSqlStatementWithQuotesAndCommentAfter() {
String sql2 = "SELECT ':foo'/*:doo*/, :xxx FROM DUAL";
ParsedSql psql2 = NamedParameterUtils.parseSqlStatement(sql2);
assertEquals(1, psql2.getTotalParameterCount());
assertEquals("xxx", psql2.getParameterNames().get(0));
}
} }