mapper DB.runUpdate crashes if question marks in valid strings #1248

TimPigden opened this Issue Mar 30, 2012 · 1 comment


None yet

2 participants


the following will fail

DB.runUpdate("insert into myTable (name, comment) values ('Tim', 'Why?'), Nil)

because the code in mapper is incorrectly parsing for ? as a parameter in the entire sql statement not just in parameter positions.

See this post for discussion!topic/liftweb/2wxkFMK-niY

including trace and source code reference

Suggested short-term workaround:
create DB.runUpdate(sql: String) with no parameters

and return error instead of crashing and looking for items in empty param list

fbettag commented Jun 2, 2012

Hi, i found another workaround which might be better suited. Since the issue is DB.LoggedPreparedStatementHandler, i've come up with this solution. It uses the idea of Scala's String.format to use %% to get a percent sign. So i've given it support for ??.


This is probably not that good when you have user generated content, but .replaceAll("?", "??) is manageable imho. (you gotta escape for injections anyhow.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment