
mapper DB.runUpdate crashes if question marks in valid strings #1248

Open
TimPigden opened this Issue · 1 comment

Tim Pigden

The following will fail:

DB.runUpdate("insert into myTable (name, comment) values ('Tim', 'Why?')", Nil)

because the code in mapper is incorrectly parsing for ? as a parameter in the entire SQL statement, not just in parameter positions.

See this post for discussion

https://groups.google.com/forum/?hl=en&fromgroups#!topic/liftweb/2wxkFMK-niY

including trace and source code reference

Suggested short-term workaround:
create DB.runUpdate(sql: String) with no parameters

and return error instead of crashing and looking for items in empty param list

Franz Bettag
Collaborator

Hi, I found another workaround which might be better suited. Since the issue is DB.LoggedPreparedStatementHandler, I've come up with this solution. It uses the idea of Scala's String.format to use %% to get a percent sign. So I've given it support for ??.

fbettag@192a0ae

This is probably not that good when you have user generated content, but .replaceAll("\\?", "??") is manageable imho. (You gotta escape for injections anyhow.)
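For readers of this thread, an added example (not Lift's code and not from either commenter) of the check the issue asks for: count `?` markers only outside single-quoted SQL literals, and report a mismatch with the parameter list instead of crashing. The names `PlaceholderScan`, `placeholderPositions` and `checkParams` are hypothetical, and the scanner assumes standard SQL quoting (`''` as the escaped quote) with no handling of comments, double-quoted identifiers or dialect-specific backslash escapes.

```scala
// Added illustration; not Lift's DB.LoggedPreparedStatementHandler code.
object PlaceholderScan {

  /** Indexes of '?' characters that are real parameter markers, i.e. outside
    * single-quoted SQL string literals. A doubled quote ('') inside a literal
    * is the standard SQL escape for one quote and does not end the literal. */
  def placeholderPositions(sql: String): Vector[Int] = {
    val out = Vector.newBuilder[Int]
    var inLiteral = false
    var i = 0
    while (i < sql.length) {
      val c = sql.charAt(i)
      if (inLiteral) {
        if (c == '\'') {
          if (i + 1 < sql.length && sql.charAt(i + 1) == '\'') i += 1 // escaped quote, stay in literal
          else inLiteral = false
        }
      } else if (c == '\'') inLiteral = true
      else if (c == '?') out += i
      i += 1
    }
    out.result()
  }

  /** Return an error value instead of indexing past the end of the parameter list. */
  def checkParams(sql: String, params: Seq[Any]): Either[String, Int] = {
    val n = placeholderPositions(sql).size
    if (n == params.size) Right(n)
    else Left(s"statement has $n placeholder(s) but ${params.size} parameter(s) were supplied")
  }

  def main(args: Array[String]): Unit = {
    // Constructed sample statements, modelled on the one in the issue.
    val literal = "insert into myTable (name, comment) values ('Tim', 'Why?')"
    val bound   = "insert into myTable (name, comment) values (?, ?)"
    val tricky  = "select * from myTable where comment = 'it''s ok?' and name = ?"

    println(checkParams(literal, Nil))               // '?' sits inside a literal: no markers
    println(checkParams(bound, List("Tim", "Why?"))) // values travel as bound parameters
    println(checkParams(tricky, List("Tim")))        // only the trailing '?' is a marker
    println(checkParams(bound, Nil))                 // mismatch is reported, not thrown
  }
}
```

With the `bound` form, a value such as `Why?` is never part of the SQL text, so it needs neither `??` escaping nor quote escaping.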
