db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Hillegas <rick.hille...@oracle.com>
Subject Re: CREATE TABLE lexical error
Date Sun, 20 Apr 2014 15:38:10 GMT
On 4/19/14 8:18 AM, Patrick Meyer wrote:
>
> Thanks John. Yes, I was cutting and pasting from Notepad, but I was 
> doing that for all four lines. I don't understand why it worked for 
> some lines but not others.
>
> Nevertheless,  the cutting and pasting is not my real problem. I 
> created these four statements to reproduce a problem I encountered 
> with my program. I get the same lexical error when my program obtains 
> the column names from a delimited text file. This error only occurs 
> with some (actually, very few) files and I cannot figure out why. Any 
> ideas why?
>
Not your immediate problem, but it sounds as though you may have a SQL 
injection issue if you are creating tables with user-supplied column 
names. Make sure that you correctly quote and escape the user-supplied 
column names.

Hope this helps,
-Rick
>
> Thanks
>
> On Apr 19, 2014 10:53 AM, "John English" <john.foreign@gmail.com 
> <mailto:john.foreign@gmail.com>> wrote:
>
>     On 19/04/2014 04:34, Patrick Meyer wrote:
>
>         I have an application that allows users to import data into
>         Derby. As such, the
>         users specify the column names. A user encountered a lexical
>         error message that
>         I have been able to reproduce with the following CREATE TABLE
>         statements. Can
>         anyone explain why the column names appear to be causing a
>         lexical error and how
>         to avoid it? I am using 10.9.1.
>
>
>     \uFEFF is a Unicode "zero-width line break" character. Presumably
>     you're cutting and pasting from somewhere; try pasting into a
>     plain-text editor and then cut & paste from there to get rid of it?
>
>     HTH,
>     -- 
>     John English
>


Mime
View raw message