Fix single quote parsing in NamedParameterUtils

Prior to this change, single quotes were incorrectly parsed by NamedParameterUtils#parseSqlStatement, resulting in incorrect parameter counts: ParsedSql sql = NamedParameterUtils .parseSqlStatement("SELECT 'foo''bar', :xxx FROM DUAL"); assert sql.getTotalParameterCount() == 0 // incorrect, misses :xxx That is, presence of the single-quoted string caused the parser to overlook the named parameter :xxx. This commit fixes the parsing error such that: ParsedSql sql = NamedParameterUtils .parseSqlStatement("SELECT 'foo''bar', :xxx FROM DUAL"); assert sql.getTotalParameterCount() == 1 // correct Issue: SPR-8280
2012-02-06 00:02:01 -05:00 · 2012-02-06 00:02:01 -05:00 · 9fb6e2313c
parent ff84419f4d
commit 9fb6e2313c
2 changed files with 38 additions and 6 deletions
--- a/org.springframework.jdbc/src/main/java/org/springframework/jdbc/core/namedparam/NamedParameterUtils.java
+++ b/org.springframework.jdbc/src/main/java/org/springframework/jdbc/core/namedparam/NamedParameterUtils.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2011 the original author or authors.
+ * Copyright 2002-2012 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -85,13 +85,19 @@ public abstract class NamedParameterUtils {
 		int escapes = 0;
 		int i = 0;
 		while (i < statement.length) {
-			int skipToPosition = skipCommentsAndQuotes(statement, i);
-			if (i != skipToPosition) {
-				if (skipToPosition >= statement.length) {
+			int skipToPosition = i;
+			while (i < statement.length) {
+				skipToPosition = skipCommentsAndQuotes(statement, i);
+				if (i == skipToPosition) {
 					break;
 				}
+				else {
 					i = skipToPosition;
 				}
+			}
+			if (i >= statement.length) {
+				break;
+			}
 			char c = statement[i];
 			if (c == ':' || c == '&') {
 				int j = i + 1;
--- a/org.springframework.jdbc/src/test/java/org/springframework/jdbc/core/namedparam/NamedParameterUtilsTests.java
+++ b/org.springframework.jdbc/src/test/java/org/springframework/jdbc/core/namedparam/NamedParameterUtilsTests.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2011 the original author or authors.
+ * Copyright 2002-2012 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -268,4 +268,30 @@ public class NamedParameterUtilsTests {
 		assertEquals(expectedSql, newSql);
 	}

+	/*
+	 * SPR-8280
+	 */
+	@Test
+	public void parseSqlStatementWithQuotedSingleQuote() {
+		String sql = "SELECT ':foo'':doo', :xxx FROM DUAL";
+		ParsedSql psql = NamedParameterUtils.parseSqlStatement(sql);
+		assertEquals(1, psql.getTotalParameterCount());
+		assertEquals("xxx", psql.getParameterNames().get(0));
+	}
+
+	@Test
+	public void parseSqlStatementWithQuotesAndCommentBefore() {
+		String sql = "SELECT /*:doo*/':foo', :xxx FROM DUAL";
+		ParsedSql psql = NamedParameterUtils.parseSqlStatement(sql);
+		assertEquals(1, psql.getTotalParameterCount());
+		assertEquals("xxx", psql.getParameterNames().get(0));
+	}
+
+	@Test
+	public void parseSqlStatementWithQuotesAndCommentAfter() {
+		String sql2 = "SELECT ':foo'/*:doo*/, :xxx FROM DUAL";
+		ParsedSql psql2 = NamedParameterUtils.parseSqlStatement(sql2);
+		assertEquals(1, psql2.getTotalParameterCount());
+		assertEquals("xxx", psql2.getParameterNames().get(0));
+	}
 }