[ 2171726 ] Quote columns to protect against keywords and special cha…
…racters
erilong committed Oct 17, 2008
1 parent a6d73d7 commit be14b67
Showing 10 changed files with 69 additions and 44 deletions.
Expand Up @@ -112,6 +112,8 @@ abstract public class AbstractDbDialect implements IDbDialect {
private int databaseMinorVersion;

private String databaseProductVersion;

private String identifierQuoteString;

protected AbstractDbDialect() {
_defaultSizes = new HashMap<Integer, String>();
Expand Down Expand Up @@ -157,6 +159,7 @@ public void init(Platform pf) {
this.jdbcTemplate = new JdbcTemplate(pf.getDataSource());
this.platform = pf;
this.sqlErrorTranslator = new SQLErrorCodeSQLExceptionTranslator(pf.getDataSource());
this.identifierQuoteString = "\"";
jdbcTemplate.execute(new ConnectionCallback() {
public Object doInConnection(Connection c) throws SQLException, DataAccessException {
DatabaseMetaData meta = c.getMetaData();
Expand Down Expand Up @@ -908,6 +911,10 @@ public boolean requiresSavepointForFallback() {
return false;
}

public void disableSyncTriggers(String nodeId) {
disableSyncTriggers();
}

public boolean supportsTransactionId() {
return false;
}
Expand Down Expand Up @@ -972,4 +979,9 @@ public void setParameterService(IParameterService parameterService) {
this.parameterService = parameterService;
}

public String getIdentifierQuoteString()
{
return identifierQuoteString;
}

}
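Review bot: `init` hard-codes `this.identifierQuoteString = "\"";` although the connection callback directly below already obtains `DatabaseMetaData meta`, and JDBC reports the driver's own delimiter through `meta.getIdentifierQuoteString()`. With the constant, every dialect whose delimiter is not a double quote has to override the getter by hand, as the dialect returning `""` in this commit does. Consider assigning inside the callback instead, mapping the single space JDBC returns for "quoting not supported" to the empty string, e.g. `identifierQuoteString = meta.getIdentifierQuoteString().trim();`. The body of `init` continues outside the visible hunk, so the callback may already do more than is shown here.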
Expand Up @@ -171,6 +171,8 @@ public interface IDbDialect {
*/
public boolean isTransactionIdOverrideSupported();

public String getIdentifierQuoteString();

public void createTables(String xml);

public String getSelectLastInsertIdSql(String sequenceName);
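Review bot: `getIdentifierQuoteString()` is added to the interface without Javadoc, so an implementer cannot tell what to return when a dialect does not quote identifiers. Within this commit one implementation returns `""` and the `StatementBuilder` constructor maps `null` to `""`, so both appear to be tolerated, but that is nowhere stated. Suggested comment: `/** Returns the string placed before and after a column name in generated DML; empty (never null) when the dialect does not quote identifiers. */`.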
Expand Up @@ -160,4 +160,10 @@ public int getStreamingResultsFetchSize() {
public BinaryEncoding getBinaryEncoding() {
return BinaryEncoding.HEX;
}

public String getIdentifierQuoteString()
{
return "";
}

}
Expand Up @@ -41,9 +41,13 @@ public enum DmlType {
protected String sql;

protected int[] types;

protected String quote;

public StatementBuilder(DmlType type, String tableName, Column[] keys, Column[] columns,
boolean isBlobOverrideToBinary, boolean isDateOverrideToTimestamp) {
boolean isBlobOverrideToBinary, boolean isDateOverrideToTimestamp,
String identifierQuoteString) {
quote = identifierQuoteString == null ? "" : identifierQuoteString;
if (type == DmlType.INSERT) {
sql = buildInsertSql(tableName, columns);
types = buildTypes(columns, isBlobOverrideToBinary, isDateOverrideToTimestamp);
Expand Down Expand Up @@ -107,7 +111,7 @@ protected int[] buildTypes(Column[] columns, boolean isBlobOverrideToBinary,
return types;
}

public static String buildInsertSql(String tableName, String[] columnNames) {
public String buildInsertSql(String tableName, String[] columnNames) {
StringBuilder sql = new StringBuilder("insert into " + tableName + "(");
appendColumns(sql, columnNames);
sql.append(") values (");
Expand All @@ -116,7 +120,7 @@ public static String buildInsertSql(String tableName, String[] columnNames) {
return sql.toString();
}

public static String buildInsertSql(String tableName, Column[] columns) {
public String buildInsertSql(String tableName, Column[] columns) {
StringBuilder sql = new StringBuilder("insert into " + tableName + "(");
int columnCount = appendColumns(sql, columns);
sql.append(") values (");
Expand All @@ -125,72 +129,72 @@ public static String buildInsertSql(String tableName, Column[] columns) {
return sql.toString();
}

public static String buildUpdateSql(String tableName, String[] keyNames, String[] columnNames) {
public String buildUpdateSql(String tableName, String[] keyNames, String[] columnNames) {
StringBuilder sql = new StringBuilder("update ").append(tableName).append(" set ");
appendColumnEquals(sql, columnNames, ", ");
sql.append(" where ");
appendColumnEquals(sql, keyNames, " and ");
return sql.toString();
}

public static String buildUpdateSql(String tableName, Column[] keyColumns, Column[] columns) {
public String buildUpdateSql(String tableName, Column[] keyColumns, Column[] columns) {
StringBuilder sql = new StringBuilder("update ").append(tableName).append(" set ");
appendColumnEquals(sql, columns, ", ");
sql.append(" where ");
appendColumnEquals(sql, keyColumns, " and ");
return sql.toString();
}

public static String buildDeleteSql(String tableName, String[] keyNames) {
public String buildDeleteSql(String tableName, String[] keyNames) {
StringBuilder sql = new StringBuilder("delete from ").append(tableName).append(" where ");
appendColumnEquals(sql, keyNames, " and ");
return sql.toString();
}

public static String buildDeleteSql(String tableName, Column[] keyColumns) {
public String buildDeleteSql(String tableName, Column[] keyColumns) {
StringBuilder sql = new StringBuilder("delete from ").append(tableName).append(" where ");
appendColumnEquals(sql, keyColumns, " and ");
return sql.toString();
}

public static void appendColumnEquals(StringBuilder sql, String[] names, String separator) {
public void appendColumnEquals(StringBuilder sql, String[] names, String separator) {
for (int i = 0; i < names.length; i++) {
sql.append(names[i]).append(" = ?").append(i + 1 < names.length ? separator : "");
sql.append(quote).append(names[i]).append(quote).append(" = ?").append(i + 1 < names.length ? separator : "");
}
}

public static void appendColumnEquals(StringBuilder sql, Column[] columns, String separator) {
public void appendColumnEquals(StringBuilder sql, Column[] columns, String separator) {
int existingCount = 0;
for (int i = 0; i < columns.length; i++) {
if (columns[i] != null) {
if (existingCount++ > 0) {
sql.append(separator);
}
sql.append(columns[i].getName()).append(" = ?");
sql.append(quote).append(columns[i].getName()).append(quote).append(" = ?");
}
}
}

public static void appendColumns(StringBuilder sql, String[] names) {
public void appendColumns(StringBuilder sql, String[] names) {
for (int i = 0; i < names.length; i++) {
sql.append(names[i]).append(i + 1 < names.length ? "," : "");
sql.append(quote).append(names[i]).append(quote).append(i + 1 < names.length ? "," : "");
}
}

public static int appendColumns(StringBuilder sql, Column[] columns) {
public int appendColumns(StringBuilder sql, Column[] columns) {
int existingCount = 0;
for (int i = 0; i < columns.length; i++) {
if (columns[i] != null) {
if (existingCount++ > 0) {
sql.append(",");
}
sql.append(columns[i].getName());
sql.append(quote).append(columns[i].getName()).append(quote);
}
}
return existingCount;
}

public static void appendColumnQuestions(StringBuilder sql, int number) {
public void appendColumnQuestions(StringBuilder sql, int number) {
for (int i = 0; i < number; i++) {
sql.append("?").append(i + 1 < number ? "," : "");
}
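Review bot: The four append sites (`appendColumnEquals` and `appendColumns`, both overloads) wrap the name in `quote` but never escape a `quote` character that occurs inside the name, so a column called `a"b` closes the delimiter early and the remainder is parsed as SQL. If column names can arrive from another node's data stream, which the `getStatementBuilder(IDataLoaderContext ...)` caller suggests but does not show, this is an injection point as well as a correctness bug. Route all four sites through one helper that doubles the embedded delimiter, as sketched below; doubling is the SQL-standard escape for `"` and should be confirmed for any dialect that returns a different delimiter. `tableName` is still concatenated unquoted in every `build*Sql` method, and turning the `public static` builders into instance methods breaks any caller that invoked them statically. `appendColumnQuestions` continues outside the hunk.

```java
// new private helper next to the append* methods
private String quoteIdentifier(String name) {
    if (quote.length() == 0) {
        return name;
    }
    return quote + name.replace(quote, quote + quote) + quote;
}

public void appendColumns(StringBuilder sql, String[] names) {
    for (int i = 0; i < names.length; i++) {
        sql.append(quoteIdentifier(names[i])).append(i + 1 < names.length ? "," : "");
    }
}
// … same substitution, otherwise unchanged: appendColumnEquals (both overloads), appendColumns(Column[]) …
```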
Expand Up @@ -279,7 +279,8 @@ private StatementBuilder getStatementBuilder(IDataLoaderContext ctx, DmlType typ
tableName = table.getCatalog() + "." + tableName;
}
st = new StatementBuilder(type, tableName, keyMetaData, getColumnMetaData(filteredColumnNames), dbDialect
.isBlobOverrideToBinary(), dbDialect.isDateOverrideToTimestamp());
.isBlobOverrideToBinary(), dbDialect.isDateOverrideToTimestamp(),
dbDialect.getIdentifierQuoteString());
statementMap.put(type, st);
}
return st;
10 changes: 5 additions & 5 deletions symmetric/src/main/resources/dialects/derby.xml
Expand Up @@ -93,27 +93,27 @@
</property>
<property name="stringColumnTemplate" >
<value>
<![CDATA[ case when $(tableAlias).$(columnName) is null then '' else '"' || fn_sym_replace(fn_sym_replace($(tableAlias).$(columnName),'\','\\'),'"','\"') || '"' end ||','||]]>
<![CDATA[ case when $(tableAlias)."$(columnName)" is null then '' else '"' || fn_sym_replace(fn_sym_replace($(tableAlias)."$(columnName)",'\','\\'),'"','\"') || '"' end ||','||]]>
</value>
</property>
<property name="clobColumnTemplate">
<value>
<![CDATA[fn_sym_clob_to_string('$(columnName)', '$(schemaName)$(tableName)', $(primaryKeyWhereString) )||','||]]>
<![CDATA[fn_sym_clob_to_string('"$(columnName)"', '$(schemaName)$(tableName)', $(primaryKeyWhereString) )||','||]]>
</value>
</property>
<property name="blobColumnTemplate">
<value>
<![CDATA[fn_sym_blob_to_string('$(columnName)', '$(schemaName)$(tableName)', $(primaryKeyWhereString) )||','||]]>
<![CDATA[fn_sym_blob_to_string('"$(columnName)"', '$(schemaName)$(tableName)', $(primaryKeyWhereString) )||','||]]>
</value>
</property>
<property name="numberColumnTemplate">
<value>
<![CDATA[case when $(tableAlias).$(columnName) is null then '' else '"' || rtrim(char($(tableAlias).$(columnName))) || '"' end ||','||]]>
<![CDATA[case when $(tableAlias)."$(columnName)" is null then '' else '"' || rtrim(char($(tableAlias)."$(columnName)")) || '"' end ||','||]]>
</value>
</property>
<property name="datetimeColumnTemplate" >
<value>
<![CDATA[ case when $(tableAlias).$(columnName) is null then '' else '"' || rtrim(char($(tableAlias).$(columnName))) || '"' end ||','||]]>
<![CDATA[ case when $(tableAlias)."$(columnName)" is null then '' else '"' || rtrim(char($(tableAlias)."$(columnName)")) || '"' end ||','||]]>
</value>
</property>
<property name="triggerConcatCharacter" value="||"/>
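Review bot: The templates hard-code `"` around `$(columnName)` instead of taking the delimiter from the dialect's `getIdentifierQuoteString()`, so trigger SQL and the DML built by `StatementBuilder` can disagree on quoting; the same applies to hsqldb.xml, mssql.xml and oracle.xml in this commit. In `clobColumnTemplate` and `blobColumnTemplate` the name is also placed inside a single-quoted SQL literal (`'"$(columnName)"'`), so a column name containing `'` or `"` would end the literal or the identifier early. Presumably the code that expands `$(columnName)` has to escape both characters; that code is not visible here. Consider a comment on these properties such as `<!-- $(columnName) is substituted verbatim; the caller must escape ' and " -->`, and a dialect-supplied quote token in place of the literal `"`.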
10 changes: 5 additions & 5 deletions symmetric/src/main/resources/dialects/hsqldb.xml
Expand Up @@ -9,7 +9,7 @@
<bean id="stringTemplate" class="java.lang.String">
<constructor-arg>
<value>
<![CDATA[ case when $(tableAlias).$(columnName) is null then '' else concat(concat('"',replace(replace($(tableAlias).$(columnName),'\','\\'),'"','\"')),'"') end ||','||]]>
<![CDATA[ case when $(tableAlias)."$(columnName)" is null then '' else concat(concat('"',replace(replace($(tableAlias)."$(columnName)",'\','\\'),'"','\"')),'"') end ||','||]]>
</value>
</constructor-arg>
</bean>
Expand All @@ -27,22 +27,22 @@
<property name="clobColumnTemplate" ref="stringTemplate" />
<property name="blobColumnTemplate">
<value>
<![CDATA[ case when $(tableAlias).$(columnName) is null then '' else concat(concat('"',replace(replace(BASE64_ENCODE($(tableAlias).$(columnName)),'\','\\'),'"','\"')),'"') end ||','||]]>
<![CDATA[ case when $(tableAlias)."$(columnName)" is null then '' else concat(concat('"',replace(replace(BASE64_ENCODE($(tableAlias)."$(columnName)"),'\','\\'),'"','\"')),'"') end ||','||]]>
</value>
</property>
<property name="numberColumnTemplate">
<value>
<![CDATA[ case when $(tableAlias).$(columnName) is null then '' else concat(concat('"',cast($(tableAlias).$(columnName) as varchar(50))),'"') end ||','||]]>
<![CDATA[ case when $(tableAlias)."$(columnName)" is null then '' else concat(concat('"',cast($(tableAlias)."$(columnName)" as varchar(50))),'"') end ||','||]]>
</value>
</property>
<property name="datetimeColumnTemplate">
<value>
<![CDATA[ case when $(tableAlias).$(columnName) is null then '' else concat(concat('"',to_char($(tableAlias).$(columnName), 'YYYY-MM-DD HH24:MI:SS')),'"') end ||','||]]>
<![CDATA[ case when $(tableAlias)."$(columnName)" is null then '' else concat(concat('"',to_char($(tableAlias)."$(columnName)", 'YYYY-MM-DD HH24:MI:SS')),'"') end ||','||]]>
</value>
</property>
<property name="booleanColumnTemplate">
<value>
<![CDATA[case when $(tableAlias).$(columnName) is null then '' when $(tableAlias).$(columnName) then '"1"' else '"0"' end||','||]]>
<![CDATA[case when $(tableAlias)."$(columnName)" is null then '' when $(tableAlias)."$(columnName)" then '"1"' else '"0"' end||','||]]>
</value>
</property>
<property name="oldTriggerValue" value="t.old_" />
12 changes: 6 additions & 6 deletions symmetric/src/main/resources/dialects/mssql.xml
Expand Up @@ -9,7 +9,7 @@
<bean id="msSqlStringTemplate" class="java.lang.String">
<constructor-arg>
<value>
<![CDATA[ case when $(tableAlias).$(columnName) is null then '' else '"' + replace(replace($(tableAlias).$(columnName),'\','\\'),'"','\"') + '"' end +','+]]>
<![CDATA[ case when $(tableAlias)."$(columnName)" is null then '' else '"' + replace(replace($(tableAlias)."$(columnName)",'\','\\'),'"','\"') + '"' end +','+]]>
</value>
</constructor-arg>
</bean>
Expand Down Expand Up @@ -46,28 +46,28 @@
<!-- TODO, We may have to make callbacks to the $(origTableAlias)inal table because SQL Server does not allow access to binary or clob data from a trigger -->
<property name="clobColumnTemplate">
<value>
<![CDATA[ case when $(origTableAlias).$(columnName) is null then '' else '"' + replace(replace(cast($(origTableAlias).$(columnName) as varchar(max)),'\','\\'),'"','\"') + '"' end +','+]]>
<![CDATA[ case when $(origTableAlias)."$(columnName)" is null then '' else '"' + replace(replace(cast($(origTableAlias)."$(columnName)" as varchar(max)),'\','\\'),'"','\"') + '"' end +','+]]>
</value>
</property>
<property name="blobColumnTemplate">
<value>
<![CDATA[ case when $(origTableAlias).$(columnName) is null then '' else '"' + replace(replace(dbo.fn_sym_base64_encode($(origTableAlias).$(columnName)),'\','\\'),'"','\"') + '"' end +','+]]>
<![CDATA[ case when $(origTableAlias)."$(columnName)" is null then '' else '"' + replace(replace(dbo.fn_sym_base64_encode($(origTableAlias)."$(columnName)"),'\','\\'),'"','\"') + '"' end +','+]]>
</value>
</property>
<property name="numberColumnTemplate">
<value>
<![CDATA[case when $(tableAlias).$(columnName) is null then '' else ('"' + cast($(tableAlias).$(columnName) as varchar) + '"') end+','+]]>
<![CDATA[case when $(tableAlias)."$(columnName)" is null then '' else ('"' + cast($(tableAlias)."$(columnName)" as varchar) + '"') end+','+]]>
</value>
</property>
<!-- TODO -->
<property name="datetimeColumnTemplate">
<value>
<![CDATA[case when $(tableAlias).$(columnName) is null then '' else ('"' + convert(varchar,$(tableAlias).$(columnName),121) + '"') end +','+]]>
<![CDATA[case when $(tableAlias)."$(columnName)" is null then '' else ('"' + convert(varchar,$(tableAlias)."$(columnName)",121) + '"') end +','+]]>
</value>
</property>
<property name="booleanColumnTemplate">
<value>
<![CDATA[case when $(tableAlias).$(columnName) is null then '' when $(tableAlias).$(columnName) = 1 then '"1"' else '"0"' end +','+]]>
<![CDATA[case when $(tableAlias)."$(columnName)" is null then '' when $(tableAlias)."$(columnName)" = 1 then '"1"' else '"0"' end +','+]]>
</value>
</property>
<property name="triggerConcatCharacter" value="+" />
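Review bot: Every template now delimits the column with double quotes (`$(tableAlias)."$(columnName)"`), which SQL Server accepts as an identifier only when QUOTED_IDENTIFIER is ON; with it OFF, double quotes delimit string literals and the generated trigger text would be rejected or misread. Whether the connection that creates the triggers guarantees that setting is not visible in this commit. Bracket delimiters, `$(tableAlias).[$(columnName)]`, work under either setting and would be the safer form for this dialect, with a `]` inside a name escaped as `]]`.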
10 changes: 5 additions & 5 deletions symmetric/src/main/resources/dialects/oracle.xml
Expand Up @@ -74,27 +74,27 @@
</property>
<property name="stringColumnTemplate" >
<value>
<![CDATA[ case when $(tableAlias).$(columnName) is null then '' else concat(concat('"',replace(replace($(tableAlias).$(columnName),'\','\\'),'"','\"')),'"') end ||','||]]>
<![CDATA[ case when $(tableAlias)."$(columnName)" is null then '' else concat(concat('"',replace(replace($(tableAlias)."$(columnName)",'\','\\'),'"','\"')),'"') end ||','||]]>
</value>
</property>
<property name="clobColumnTemplate">
<value>
<![CDATA[concat(concat('"',replace(replace($(tableAlias).$(columnName),to_clob('\'),to_clob('\\')),to_clob('"'),to_clob('\"'))),'"') ||','||]]>
<![CDATA[concat(concat('"',replace(replace($(tableAlias)."$(columnName)",to_clob('\'),to_clob('\\')),to_clob('"'),to_clob('\"'))),'"') ||','||]]>
</value>
</property>
<property name="blobColumnTemplate">
<value>
<![CDATA[fn_sym_blob2clob($(tableAlias).$(columnName))||','||]]>
<![CDATA[fn_sym_blob2clob($(tableAlias)."$(columnName)")||','||]]>
</value>
</property>
<property name="numberColumnTemplate">
<value>
<![CDATA[case when $(tableAlias).$(columnName) is null then '' else '"'||cast($(tableAlias).$(columnName) as varchar(50))||'"' end ||','||]]>
<![CDATA[case when $(tableAlias)."$(columnName)" is null then '' else '"'||cast($(tableAlias)."$(columnName)" as varchar(50))||'"' end ||','||]]>
</value>
</property>
<property name="datetimeColumnTemplate" >
<value>
<![CDATA[ case when $(tableAlias).$(columnName) is null then '' else concat(concat('"',to_char($(tableAlias).$(columnName), 'YYYY-MM-DD HH24:MI:SS')),'"') end ||','||]]>
<![CDATA[ case when $(tableAlias)."$(columnName)" is null then '' else concat(concat('"',to_char($(tableAlias)."$(columnName)", 'YYYY-MM-DD HH24:MI:SS')),'"') end ||','||]]>
</value>
</property>
<property name="triggerConcatCharacter" value="||"/>