Bug #71929 Prefixing query with double comments cancels query DML validation
Submitted: 4 Mar 2014 19:09 Modified: 4 Mar 2014 19:11
Reporter: Filipe Silva Email Updates:
Status: Verified Impact on me:
None 
Category:Connector / J Severity:S3 (Non-critical)
Version:5.2.29 OS:Any
Assigned to: Filipe Silva CPU Architecture:Any

[4 Mar 2014 19:09] Filipe Silva
Description:
Executing a query prefixed with double comments cancels DML validation, allowing to execute DML statements with Statement.executeQuery().

The same happens in some internal validations too.

How to repeat:
Compare results of:

stmt.executeQuery("CREATE TABLE t_test (id INT)");

stmt.executeQuery("/* comment */CREATE TABLE t_test (id INT)");

stmt.executeQuery("/* comment *//* comment again */CREATE TABLE t_test (id INT)");

Suggested fix:
Review validation methods.
[4 Mar 2014 19:22] Filipe Silva
Third code line is a bad example. Instead use (first character in second comment matters):

stmt.executeQuery("/* comment *//* some more comment */CREATE TABLE t_test (id INT)");
[4 Mar 2014 23:01] Filipe Silva
Posted by developer:
 
A similar thing happens when prefixing a SELECT query with comments and use Statement.executeUpdate() method.

E.g.:

stmt.executeUpdate("SELECT 1"); // throws exception

stmt.executeUpdate("/* comment */SELECT 1"); // doesn't throw exception
[3 Jan 2016 19:50] Ramin Orujov
1.Fixed executeQuery() related bug in StatementImpl.findStartOfStatement() method.
2.Fixed executeUpdate() related bug in StatementImpl.executeUpdateInternal() method.

here is my commit:
https://github.com/raminorujov/mysql-connector-j/commit/39b5fd3f92d7ff7845374f200c22d7a1a4...
[3 Jan 2016 20:07] Ramin Orujov
Test case

Attachment: Bug71929.java (text/x-java), 1.10 KiB.