mapper DB.runUpdate crashes if question marks in valid strings #1248

Open
TimPigden opened this Issue Mar 30, 2012 · 1 comment


@TimPigden

The following will fail:

DB.runUpdate("insert into myTable (name, comment) values ('Tim', 'Why?')", Nil)

because the code in mapper is incorrectly parsing for ? as a parameter in the entire SQL statement, not just in parameter positions.

See this post for discussion

https://groups.google.com/forum/?hl=en&fromgroups#!topic/liftweb/2wxkFMK-niY

including trace and source code reference

Suggested short-term workaround:
create DB.runUpdate(sql: String) with no parameters

and return error instead of crashing and looking for items in empty param list

@fbettag
Member
fbettag commented Jun 2, 2012

Hi, I found another workaround which might be better suited. Since the issue is DB.LoggedPreparedStatementHandler, I've come up with this solution. It uses the idea of Scala's String.format to use %% to get a percent sign. So I've given it support for ??.

fbettag@192a0ae

This is probably not that good when you have user generated content, but .replaceAll("?", "??") is manageable imho. (You gotta escape for injections anyhow.)
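
The distinction the report draws, between scanning the entire statement for `?` and scanning only parameter positions, shown as an added Scala example that is not code from this thread or from Lift. `PlaceholderScan` and its methods are hypothetical names, the sample statements are constructed, and only standard single-quoted SQL string literals are assumed.

```scala
// Added illustration. PlaceholderScan and its methods are hypothetical names,
// not part of Lift's mapper.
object PlaceholderScan {
  // Naive scan: every '?' in the statement counts as a parameter marker.
  def naiveCount(sql: String): Int = sql.count(_ == '?')

  // Literal-aware scan: offsets of '?' outside single-quoted SQL literals.
  // A doubled quote ('') inside a literal toggles the flag twice, so the
  // scanner stays inside the literal.
  // Assumption: standard SQL quoting only; comments, quoted identifiers and
  // vendor-specific escapes are not handled.
  def parameterOffsets(sql: String): List[Int] = {
    var inLiteral = false
    val offsets = List.newBuilder[Int]
    for ((c, i) <- sql.zipWithIndex) {
      if (c == '\'') inLiteral = !inLiteral
      else if (c == '?' && !inLiteral) offsets += i
    }
    offsets.result()
  }

  // Report a mismatch as an error value instead of reading past the end of
  // the parameter list.
  def check(sql: String, params: List[Any]): Either[String, Unit] = {
    val expected = parameterOffsets(sql).size
    if (expected == params.size) Right(())
    else Left(s"statement has $expected parameter marker(s) but ${params.size} value(s) were supplied")
  }

  def main(args: Array[String]): Unit = {
    // Constructed samples: the statement from the report with the values
    // inlined, the same statement with both values bound, and a literal
    // containing an escaped quote followed by one real marker and no values.
    val samples: List[(String, List[Any])] = List(
      ("insert into myTable (name, comment) values ('Tim', 'Why?')", Nil),
      ("insert into myTable (name, comment) values (?, ?)", List("Tim", "Why?")),
      ("insert into myTable (name, comment) values ('O''Brien?', ?)", Nil)
    )
    for ((sql, params) <- samples)
      println(s"naive=${naiveCount(sql)} literalAware=${parameterOffsets(sql).size} check=${check(sql, params)}")
  }
}
```

Binding the text as a parameter, as in the second sample, keeps the `?` inside the data out of the statement text entirely, so neither scanning nor `??` escaping applies to it.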
