Skip to content

Commit

Permalink
[fix] escape parameter placeholder '?' by double question mark '??' J…
Browse files Browse the repository at this point in the history 
…etBrains#891
  • Loading branch information
@JajaComp
JajaComp committed Sep 6, 2024
1 parent 61b1ebb commit 3e9f582
Show file tree
Hide file tree
Showing 2 changed files with 54 additions and 3 deletions.
7 changes: 4 additions & 3 deletions exposed-core/src/main/kotlin/org/jetbrains/exposed/sql/statements/Statement.kt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ import org.jetbrains.exposed.sql.Transaction
import org.jetbrains.exposed.sql.statements.api.PreparedStatementApi
import java.sql.ResultSet
import java.sql.SQLException
import java.util.*
import java.util.Stack

internal object DefaultValueMarker {
override fun toString(): String = "DEFAULT"
Expand Down Expand Up @@ -127,12 +127,13 @@ fun StatementContext.expandArgs(transaction: Transaction): String {
val quoteStack = Stack<Char>()
var lastPos = 0

for (i in sql.indices) {
var i = -1
while (++i < sql.length) {
val char = sql[i]
when {
char == '?' && quoteStack.isEmpty() -> {
if (sql.getOrNull(i + 1) == '?') {
i.inc()
i++
continue
}
append(sql.substring(lastPos, i))
Expand Down
50 changes: 50 additions & 0 deletions exposed-tests/src/test/kotlin/org/jetbrains/exposed/sql/tests/shared/StatementTest.kt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
package org.jetbrains.exposed.sql.tests.shared

import org.jetbrains.exposed.dao.id.IntIdTable
import org.jetbrains.exposed.sql.ComplexExpression
import org.jetbrains.exposed.sql.Expression
import org.jetbrains.exposed.sql.Op
import org.jetbrains.exposed.sql.QueryBuilder
import org.jetbrains.exposed.sql.tests.DatabaseTestsBase
import kotlin.test.Test

class StatementTest : DatabaseTestsBase() {
@Test
fun `query with double question`() {
val table = object : IntIdTable("test_mod_on_pk") {
val otherColumn = short("other")
}

open class SubQueryComplex<T>(
private val operator: String,
private val expr: Expression<T>,
private val expr2: Expression<T>,
) : Op<Boolean>(), ComplexExpression {
override fun toQueryBuilder(queryBuilder: QueryBuilder): Unit = queryBuilder {
+expr
+" "
+operator
+" ("
+expr2
+")"
}
}

withTables(table) {
val actual = table
.select(table.otherColumn)
.where {
SubQueryComplex(
"??",
table.id,
table.id
)
}
.prepareSQL(this, false)
assertEquals(
"SELECT TEST_MOD_ON_PK.OTHER FROM TEST_MOD_ON_PK WHERE TEST_MOD_ON_PK.ID ?? (TEST_MOD_ON_PK.ID)".lowercase(),
actual.lowercase()
)
}
}
}

0 comments on commit 3e9f582

Please sign in to comment.