Remove values between single quotes to pass SQL validation #21
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 3 commits
December 12, 2013 09:49
…deciding if a query is correct. Before, if there wasn't a matching pair of brackets or quotes within a value, it would raise an invalid syntax exception. Add a test to catch this case.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
First, I'd like to apologize if this is an abomination...I don't write Python often ;)
I was running into issues with simple-db-migrate when inserting values where the TEXT column had truncated the user's input. The statement looked like this:
INSERT INTO myTable (
id,text) VALUES (1, 'Really long text that gets truncated (you know the type');This is a perfectly valid SQL statement, but MySQL._parse_sql_statements() thought it wasn't due do the extra opening bracket. My change removes all values between single quotes from a string so that when doing Utils.count_occurrences(), all it sees is:
INSERT INTO myTable (
id,text) VALUES (1, );The extra bracket (as well as any other crud between quotes) is removed and the query passes the smell test.
I've also added a test to catch this case - although I'm not sure if passing without an exception or assert of any kind is correct.
Thanks for taking a look. I've only included MySQL, as I don't know the rules in other SQL flavours.