Bug #1511 Quoted identifier character recognised inside quoted string
Submitted: 9 Oct 2003 13:58 Modified: 10 Oct 2003 16:55
Reporter: [ name withheld ]
Status: Closed
Category: Connector/J Severity: S3 (Non-critical)
Version: 3.0.9-stable OS: Microsoft Windows (MSWin)
Assigned to: Target Version:

[9 Oct 2003 13:58] [ name withheld ]
Description:
When a prepared statement query includes the quoted identifier character (`) as part of a
quoted string, the quoted identifier character is recognised. As a consequence the query
is not parsed correctly.

e.g.
select * from TestTable where col1 = 'ABC`DEF' and col2 = ?

The constructor for com.mysql.jdbc.PreparedStatement ignores quoted strings inside quoted
identifiers, but not the other way around. The result is a failure to detect the ? and the
number of parameters is set to zero.

How to repeat:
Create a prepared statement with the aforementioned query. Then try and set the parameter
value. Kaboom! (ArrayIndexOutOfBounds)

Suggested fix:
In the com.mysql.jdbc.PreparedStatement constructor when searching for ?, expand the logic
so the quoted id character is NOT recognised when inside a quoted string (the flag for
this already exists).

It should also be considered if this problem occurs elsewhere.
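
The scanning rule suggested above, sketched as an added example (not part of the original report and not Connector/J's actual source). The class, method and flag names are hypothetical, the second and third queries are constructed, and backslash escaping inside string literals is assumed. With the flag off, a backtick inside a string literal flips the identifier state as reported, so the trailing ? is never counted; with it on, the backtick is ignored while inside a string.

```java
import java.util.List;

public class PlaceholderScan {

    /**
     * Counts '?' parameter markers that lie outside string literals and
     * quoted identifiers. When respectStringForBacktick is false, a backtick
     * is honoured even inside '...', which is the behaviour the report describes.
     */
    static int countPlaceholders(String sql, boolean respectStringForBacktick) {
        boolean inString = false;    // currently inside '...'
        boolean inQuotedId = false;  // currently inside `...`
        int count = 0;
        for (int i = 0; i < sql.length(); i++) {
            char c = sql.charAt(i);
            if (c == '\\' && inString && i + 1 < sql.length()) {
                i++;                 // assumption: backslash escapes the next char in a string
            } else if (c == '\'' && !inQuotedId) {
                inString = !inString;        // a quote inside `...` is plain text
            } else if (c == '`' && !(respectStringForBacktick && inString)) {
                inQuotedId = !inQuotedId;    // fixed mode: a backtick inside '...' is plain text
            } else if (c == '?' && !inString && !inQuotedId) {
                count++;                     // a real parameter marker
            }
        }
        return count;
    }

    public static void main(String[] args) {
        List<String> queries = List.of(
            // query from the report
            "select * from TestTable where col1 = 'ABC`DEF' and col2 = ?",
            // constructed: quote inside a quoted identifier
            "select `odd'name` from TestTable where col2 = ?",
            // constructed: question mark inside a string literal
            "select * from TestTable where col1 = 'what?' and col2 = ?");
        for (String q : queries) {
            System.out.printf("reported=%d fixed=%d  %s%n",
                countPlaceholders(q, false), countPlaceholders(q, true), q);
        }
    }
}
```

Comparing the two counts over a corpus of application queries is a quick way to find statements where the driver's view of the parameter list and the server's view of the SQL would disagree.
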
[10 Oct 2003 16:55] Mark Matthews
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html