Bug #17983 SQL_WVARCHAR not handled properly in MyODBC
Submitted: 6 Mar 2006 19:09 Modified: 12 May 2006 7:31
Reporter: Anders Karlsson Email Updates:
Status: Duplicate Impact on me:
None 
Category:Connector / ODBC Severity:S3 (Non-critical)
Version:3.51.12 OS:Microsoft Windows (Windows)
Assigned to: CPU Architecture:Any

[6 Mar 2006 19:09] Anders Karlsson
Description:
When binding with a SQL_WVARCHAR parameter, the parameter is inserted as/is into the SQL string, instead of being properly quoted. This can be seen in execute.c   in the ODBC driver source. At the point where parameter substituion occurs in SQLExecute on line 436, there is special treatment of string types except the wide datatypes (SQL_WCHAR / SQL_WVARCHAR etc). These should be pre/post fixed with L'"' instead of ending up at the case default where they are just literally inserted into the SQL string.

How to repeat:
The below code snippet will fail, but the only slightly different snippet following that will not:
<connect to ODBC etc>
  if(SQLBindParameter(hStmt1, 1, SQL_PARAM_INPUT, SQL_C_WCHAR,
  SQL_WVARCHAR, sizeof(szParam), 0, szParam, wcslen(szParam), &nIndicator)
    != SQL_SUCCESS)
	{
	HandleOdbcError(g_hDbc, hStmt1);
	return 1;
	}
   if(SQLPrepare(hStmt1, "SELECT c1 FROM t1 WHERE c2 = ? ORDER BY c1",
     SQL_NTS) != SQL_SUCCESS)
	{
	HandleOdbcError(g_hDbc, hStmt1);
	return 1;
	}
   if(SQLExecute(hStmt1) != SQL_SUCCESS)
	{
	HandleOdbcError(g_hDbc, hStmt1);
	return 1;
	}
<clean up code>

<connect to ODBC etc>
  if(SQLBindParameter(hStmt1, 1, SQL_PARAM_INPUT, SQL_C_WCHAR,
  SQL_VARCHAR, sizeof(szParam), 0, szParam, wcslen(szParam), &nIndicator)
    != SQL_SUCCESS)
	{
	HandleOdbcError(g_hDbc, hStmt1);
	return 1;
	}
   if(SQLPrepare(hStmt1, "SELECT c1 FROM t1 WHERE c2 = ? ORDER BY c1",
     SQL_NTS) != SQL_SUCCESS)
	{
	HandleOdbcError(g_hDbc, hStmt1);
	return 1;
	}
   if(SQLExecute(hStmt1) != SQL_SUCCESS)
	{
	HandleOdbcError(g_hDbc, hStmt1);
	return 1;
	}
<clean up code>

Suggested fix:
Either make sure that SQL_WVARCHAR, SQL_WCHAR and SQL_WLONGCHAR are handled properly, or, which might at this point be more appropriate as MyODBC don't report there types as beiing supported, raise a Datatype not supported error.
[12 May 2006 7:31] Tonci Grgin
Hi Anders.
Thank you for your bug report. It has allready been verified in http://bugs.mysql.com/bug.php?id=19078.