convertQuestionMark function improperly handles single quotes in comments #1954

Closed
opened 6 months ago by antialiasis · 2 comments

The `convertQuestionMark` function converts ? SQL parameters to $1, $2 and so on. It tries to ignore question marks inside single-quoted strings. However, it does this very simplistically, simply alternating each time a single quote occurs in the SQL string. This is not always correct, as SQL comments may contain single quotes, and this makes the parsing of the rest of the string incorrect.

These tests both fail with the current implementation:

```
func TestSeqFilterLineComment(t *testing.T) {
	var kases = map[string]string{
		`SELECT *
		FROM TABLE1
		WHERE a=? -- a comment with a single quote'
		AND b=?`: `SELECT *
		FROM TABLE1
		WHERE a=$1 -- a comment with a single quote'
		AND b=$2`,
	}
	for sql, result := range kases {
		assert.EqualValues(t, result, convertQuestionMark(sql, "$", 1))
	}
}

func TestSeqFilterComment(t *testing.T) {
	var kases = map[string]string{
		`SELECT *
		FROM TABLE1
		WHERE a=? /* it's a comment */
		AND b=?`: `SELECT *
		FROM TABLE1
		WHERE a=$1 /* it's a comment */
		AND b=$2`,
	}
	for sql, result := range kases {
		assert.EqualValues(t, result, convertQuestionMark(sql, "$", 1))
	}
}
```
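An added example, not part of the original issue and not the fix merged in #1955: a small state machine that tracks comments as well as strings, so a quote inside a comment cannot desynchronise the placeholder rewrite. The name `convertPlaceholders` is hypothetical, and it assumes standard `'...'` strings with `''` escapes, `--` line comments and non-nested `/* */` block comments.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// convertPlaceholders is a hypothetical helper, not xorm's convertQuestionMark.
// It rewrites each ? outside strings and comments to prefix+N, counting from start.
func convertPlaceholders(sql, prefix string, start int) string {
	const (
		code         = iota
		str          // inside '...'
		lineComment  // after --, until newline
		blockComment // inside /* ... */
	)
	var b strings.Builder
	state, n := code, start
	for i := 0; i < len(sql); i++ {
		c, rest := sql[i], sql[i:]
		switch {
		case state == code && c == '?':
			b.WriteString(prefix + strconv.Itoa(n))
			n++
			continue
		case state == code && c == '\'':
			state = str
		case state == code && strings.HasPrefix(rest, "--"):
			state = lineComment
		case state == code && strings.HasPrefix(rest, "/*"),
			state == blockComment && strings.HasPrefix(rest, "*/"):
			state = code + blockComment - state // flip code <-> blockComment
			b.WriteString(rest[:2])             // copy both bytes so "/*/" is not open+close
			i++
			continue
		case state == str && c == '\'', state == lineComment && c == '\n':
			state = code // a doubled '' re-enters str on the next quote
		}
		b.WriteByte(c)
	}
	return b.String()
}

func main() {
	// Constructed input modelled on the issue's failing cases.
	fmt.Println(convertPlaceholders("a=? -- it's\nAND b=? /* it's */ AND c='?'", "$", 1))
}
```

Dialect-specific quoting such as backslash escapes, double-quoted identifiers or dollar-quoted strings would each need a state of its own.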
antialiasis changed title from convertQuestionMark function improperly handles single quotes to convertQuestionMark function improperly handles single quotes in comments 6 months ago
lunny added the kind/bug label 6 months ago
Owner

Could you send a PR to fix that?
Owner

Closed by #1955
lunny closed this issue 4 months ago
lunny added this to the 1.2.0 milestone 4 months ago
lunny removed this from the 1.2.0 milestone 4 months ago