Bug #6217 Method TokenizeSql() uses only a limited set of valid characters for parameters
Submitted: 22 Oct 2004 15:43 Modified: 22 Oct 2004 18:38
Reporter: Levap Aretnyd Email Updates:
Status: Closed Impact on me:
None 
Category:Connector / NET Severity:S3 (Non-critical)
Version:1.0.0 beta OS:Microsoft Windows (Windows 2003)
Assigned to: Reggie Burnett CPU Architecture:Any

[22 Oct 2004 15:43] Levap Aretnyd
Description:
Method MySqlCommand.TokenizeSql() ends a token when a valid parameter-name character is found - it uses too limited set of valid characters. Currently the method stops "recording" a parameter-name token when it is not letter-or-digit and not '_'. I think more characters are valid in parameter name, for example '$' character.

How to repeat:
See description.

Suggested fix:
Parameter names seems to not use same restrictions as user variables (according to manual valid characters for user variables are "alphanumeric characters from the current character set, `.', `_', and `$'."). I have tested that '$' is valid but '.' is not.

If only a '$' character is missing from the valid set, the line 627-628 in command.cs (method MySqlCommand.TokenizeSql()) then should look like this:

else if (sqlPart.Length > 0 && sqlPart[0] == parameters.ParameterMarker &&
 !Char.IsLetterOrDigit(c) && c != '_' && c != '$') // '$' is added as valid character for parameter name
{ // code then goes on unchanged
[22 Oct 2004 18:38] Reggie Burnett
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html

Additional info:

Ok, _, ., and $ are now supported in parameter names.