db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Knut Anders Hatlen (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-3682) SYSCS_BULK_INSERT doesn't quote identifiers or strings properly
Date Wed, 21 May 2008 12:05:55 GMT

     [ https://issues.apache.org/jira/browse/DERBY-3682?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Knut Anders Hatlen updated DERBY-3682:

    Attachment: d3682.diff

The attached patch fixes the missing escaping of identifiers and literals. I also modified
VTITest so that it runs the bulk insert test with a table whose name contains " and '.

Ideally, the SYSCS_BULK_INSERT procedure should have used question marks and setString() instead
of manually escaped string literals in the SQL text it built, but the parameters to the Warehouse
VTI used in VTITest are required at compile time, and the test therefore failed if the statement
was parametrized.

I have started the regression tests.

> SYSCS_BULK_INSERT doesn't quote identifiers or strings properly
> ---------------------------------------------------------------
>                 Key: DERBY-3682
>                 URL: https://issues.apache.org/jira/browse/DERBY-3682
>             Project: Derby
>          Issue Type: Bug
>          Components: SQL
>    Affects Versions:
>            Reporter: Knut Anders Hatlen
>            Assignee: Knut Anders Hatlen
>            Priority: Minor
>         Attachments: d3682.diff
> Discovered by Mamta A. Satoor in DERBY-1062.
> SYSCS_BULK_INSERT builds an insert statement in which it doesn't quote the schema name
or the table name. It also takes string parameters that are inserted into the statement text
with single quotes around them, but that won't work if those strings contain single quote

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message