Skip to content

NpgSqlCommand does not substitute parameters when there is a string with escaped apostrophe #240

Closed
alenkacz opened this Issue May 12, 2014 · 4 comments

4 participants

@alenkacz

When NpgSqlCommand is created with a string that contains escaped apostrophe, the parameters in the query after this string are not substitued even though the valid values are provided. Such parameters placed before the string with apostrophe are substitued correctly.

Following example creates a SQL "INSERT INTO TestTable (StringColumn, ByteaColumn) VALUES ('b''la', @SomeValue)" - the SomeValue is not substitued for the provided parameter value. If the @SomeValue would be placed before the 'b''la' string, everything would work.

using (var cmd = DbConnection.CreateCommand())
            {
                cmd.CommandText = "INSERT INTO TestTable (StringColumn, ByteaColumn) VALUES ('b''la', @SomeValue)";
                cmd.Parameters.AddWithValue("SomeValue", new byte[] { 1, });
                cmd.ExecuteNonQuery();
            }
@augi
augi commented May 12, 2014

I think it could be problem in NpgsqlCommand.AppendCommandReplacingParameterValues method.

@glenebob glenebob added a commit to glenebob/Npgsql2 that referenced this issue Aug 2, 2014
@glenebob glenebob Simplfied repro unit test bugs #240 and #296
This is about as simple as I can make it.
0d13218
@glenebob glenebob added a commit to glenebob/Npgsql2 that referenced this issue Aug 2, 2014
@glenebob glenebob Fix for bugs #240 and #296
Properly handle escaped single quote character ('') in a quoted section during query parameter substitution.
253b6f9
@glenebob
Npgsql member
glenebob commented Aug 2, 2014

Check out PR #307 ;)

@glenebob glenebob added this to the 2.2 milestone Aug 3, 2014
@glenebob glenebob added the bug label Aug 3, 2014
@glenebob glenebob self-assigned this Aug 3, 2014
@glenebob
Npgsql member
glenebob commented Aug 4, 2014

PR #307 merged. Please have a look.

@glenebob glenebob added a commit that referenced this issue Aug 4, 2014
@glenebob glenebob Simplfied repro unit test bugs #240 and #296
This is about as simple as I can make it.

(cherry picked from commit 0d13218)

Backport #307 from master
2459774
@glenebob glenebob added a commit that referenced this issue Aug 4, 2014
@glenebob glenebob Fix for bugs #240 and #296
Properly handle escaped single quote character ('') in a quoted section during query parameter substitution.

(cherry picked from commit 253b6f9)

Backport #307 from master
caa9d3e
@franciscojunior
Npgsql member

This is fixed in Npgsql 2.2.0-rc1. Please, give it a try and let us know if you find any other problem.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.