Bug #1511 Quoted identifier character recognised inside quoted string
Submitted: 9 Oct 2003 11:58 Modified: 10 Oct 2003 14:55
Reporter: [ name withheld ] Email Updates:
Status: Closed Impact on me:
None 
Category:Connector / J Severity:S3 (Non-critical)
Version:3.0.9-stable OS:Microsoft Windows (MSWin)
Assigned to: CPU Architecture:Any

[9 Oct 2003 11:58] [ name withheld ]
Description:
When a prepared statement query includes the quoted identifier character (`) as part of a quoted string, the quoted identifier character is recognised. As a consequence the query is not parsed correctly.

e.g.
select * from TestTable where col1 = 'ABC`DEF' and col2 = ?

The constructor for com.mysql.jdbc.PreparedStatement ignores quoted strings inside quoted identifiers, but not the other way around. The result is a failure to detect the ? and the number of parameters is set to zero.

How to repeat:
Create a prepared statement with the afore mentioned query. Then try and set the parameter value. Kaboom! (ArrayIndexOutOfBounds)

Suggested fix:
In the com.mysql.jdbc.PreparedStatement constructor when searching for ?, expand the logic so the quoted id character is NOT recognised when inside a quoted string (the flag for this already exists).

It should also be considered if this problem occurs elsewhere.
[10 Oct 2003 14:55] Mark Matthews
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html