New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix "index out of range" in interpolateParams #490
Fix "index out of range" in interpolateParams #490
Conversation
@@ -0,0 +1,49 @@ | |||
// Go MySQL Driver - A MySQL-Driver for Go's database/sql package | |||
// | |||
// Copyright 2013 The Go-MySQL-Driver Authors. All rights reserved. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please update the year to 2016
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
@@ -153,6 +153,9 @@ func (mc *mysqlConn) interpolateParams(query string, args []driver.Value) (strin | |||
buf = append(buf, query[i:i+q]...) | |||
i += q | |||
|
|||
if argPos >= len(args) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please place a comment here what this is for
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I changed this check to top of this function, like #467.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
@@ -153,6 +153,9 @@ func (mc *mysqlConn) interpolateParams(query string, args []driver.Value) (strin | |||
buf = append(buf, query[i:i+q]...) | |||
i += q | |||
|
|||
if argPos >= len(args) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I changed this check to top of this function, like #467.
@@ -0,0 +1,49 @@ | |||
// Go MySQL Driver - A MySQL-Driver for Go's database/sql package | |||
// | |||
// Copyright 2013 The Go-MySQL-Driver Authors. All rights reserved. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
@@ -135,6 +135,11 @@ func (mc *mysqlConn) Prepare(query string) (driver.Stmt, error) { | |||
} | |||
|
|||
func (mc *mysqlConn) interpolateParams(query string, args []driver.Value) (string, error) { | |||
// Number of ? should be same to len(args) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there currently no way how ? could be escaped?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes. Current implementation doesn't care queries like SELECT 'foo?bar', ?
.
When we add support it, this check should go below.
So the 3rd test should start failing as soon as we start implementing string interpolation? |
Thanks a lot! |
Description
When number of placeholder is larger than number of argument,
interpolateParams cause runtime error.
Checklist