| Bug #14442 | Improper parsing of query escape | ||
|---|---|---|---|
| Submitted: | 28 Oct 2005 22:00 | Modified: | 30 Oct 2005 11:04 |
| Reporter: | Scott Ferguson | Email Updates: | |
| Status: | Can't repeat | Impact on me: | |
| Category: | Connector / J | Severity: | S2 (Serious) |
| Version: | 3.0.17 | OS: | Any Java |
| Assigned to: | CPU Architecture: | Any | |
[30 Oct 2005 11:04]
Vasily Kishkin
Sorry...I was not able to reproduce the bug on 3.1.11.
mysql> select * from test;
+-------------------------+
| value |
+-------------------------+
| Can't edit{{SITENAME}}. |
+-------------------------+
1 row in set (0.22 sec)
Probably You need to upgrade your connector/J
[31 Oct 2005 16:37]
Scott Ferguson
The bug is not in mysql and was reproduced in 3.1.11 Connector/J. The mysql command line is not a problem. The problem is using that same query with Connector/J. In other words, you need to use the JDBC Session.executeQuery(...) as described in the bug report.
Description: The following query does not properly update the database: INSERT INTO test (value) VALUES('Can\\\'t edit {{SITENAME}}.') A Statement.executeUpdate(sql) of this query will reproduce the problem. The new row has the value: Can\'t edit . In other words, the {{SITENAME}} is taken out. How to repeat: Statement.executeUpdate("INSERT INTO test (value) VALUES('Can\\\'t edit {{SITENAME}}.')"); Suggested fix: com.mysql.jdbc.EscapeTokenizer.nextToken() is not correct. The parsing code should not back up from the single-quote to see if it's escaped. It needs to parse forwards. The current code treats any sequence of "\\'" as a quote, i.e. as if the previous escape character was escaped. It will do this even with 3 or more escapes, e.g. "\\\'", or "\\\\\'". The code should look something like: if (c == '\\' && pos + 1 < sourceLength) { char c1 = source.charAt(pos + 1); tokenBuf.append('\\'); tokenBuf.append(c1); } else if (c == '\'') { if (inQuotes) { ... } } else if (c == '"') { if (inQuotes) { ... } }