Replace question marks only in PreparedStatements #427
Question marks in the query text should be replaced with positional parameters ($1, $2, ...) only in java.sql.PreparedStatement. In a java.sql.Statement they should be left alone.
Thanks! Any chance you can add some test cases? I also suspect this only fixes this particular problem. What happens if there is an extra single ? with parameters?
@laurenz, please use spaces, not tabs for indent. This might be a questionable change:
Also looks like it fails CompositeQueryParseTest
The easiest thing might be to document the use of ?? instead of trying to code around it. This is a hack we were forced into. I'm not convinced I want to fix this corner case
+1 We might even do a better job by handling
On 18 November 2015 at 06:30, Vladimir Sitnikov notifications@github.com
+1 Dave Cramer
Well, CompositeQueryParseTest fails because they specifically test the ?? escape. I think the argument that it might make copy and paste between java.sql.Statement and java.sql.PreparedStatement more difficult is a weak one, but I certainly understand that the behaviour change might cause problems. My patch does not modify the behaviour for java.sql.PreparedStatements, so having a ? operator there still requires escaping it. I don't know if java.sql.Statement.execute() can be called a corner case, though. BTW, could the documentation build on the web site be updated? I see the ?? escape documented in the source, but not on the web site. That might also help with the problem. If there is a consensus against it, I'll retract the patch.
I'll try to update the docs ASAP. The corner case I refer to is someone putting a single ? in a select Dave Cramer On 18 November 2015 at 07:07, Laurenz Albe notifications@github.com wrote:
The question is: what was pgjdbc behavior as of January 2015? |
This is an improvement over the previous commit: Now you can either use a single question mark in a java.sql.Statement which will be interpreted as such, or you can use escaped (doubled) question marks. This way code that used to work will continue to work, while people who do not expect that question marks need to be escaped in simple statements will not be surprised. This commit also fixes the regression tests and adds a new one.
After sleeping on it, I came up with this approach:
This preserves the old behaviour while avoiding surprising users who don't expect that a question mark needs to be escaped in a simple statement. I have also fixed the test cases and added a new one.
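The rule from the commit message above, as an added Java sketch that is not pgjdbc's parser and not part of this pull request. The class and method names are hypothetical, the queries are constructed samples, and skipping only single-quoted literals is a simplification.

```java
// Added illustration, not pgjdbc source: a simplified model of the
// question-mark rule described in the commit message above.
public class QuestionMarkRule {

    // withParameters = true models java.sql.PreparedStatement,
    // withParameters = false models java.sql.Statement.
    static String toNative(String sql, boolean withParameters) {
        StringBuilder out = new StringBuilder(sql.length() + 8);
        boolean inLiteral = false; // inside a '...' string literal
        int bindIndex = 0;
        for (int i = 0; i < sql.length(); i++) {
            char c = sql.charAt(i);
            if (c == '\'') {
                // A doubled quote ('') toggles twice, so the state stays correct.
                inLiteral = !inLiteral;
                out.append(c);
            } else if (c != '?' || inLiteral) {
                out.append(c);
            } else if (i + 1 < sql.length() && sql.charAt(i + 1) == '?') {
                // "??" is the escape for one literal question mark in both modes.
                out.append('?');
                i++;
            } else if (withParameters) {
                // Single '?' in a prepared statement becomes $1, $2, ...
                out.append('$').append(++bindIndex);
            } else {
                // Single '?' in a simple statement is left alone.
                out.append('?');
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample queries using a '?' operator.
        String single = "SELECT '{\"a\":1}'::jsonb ? 'a'";
        String escaped = "SELECT data ?? 'a' FROM docs WHERE id = ?";
        System.out.println(toNative(single, false));   // simple statement, unescaped
        System.out.println(toNative("SELECT data ?? 'a' FROM docs", false)); // simple, escaped
        System.out.println(toNative(escaped, true));   // prepared statement
    }
}
```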
Are you sure there are no operators that include double question marks?
nativeSql.append(NativeQuery.bindName(bindIndex)); | ||
} | ||
else | ||
nativeSql.append('?'); |
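Review bot: the `else` that appends the literal `'?'` is unbraced while the branch before it closes with `}`, so the two outcomes of the decision "rewrite this question mark into a bind name or keep it as SQL text" are formatted differently and a later second statement under `else` would silently fall outside it. Brace both branches, and add a short comment at the condition (not visible in this excerpt) stating when the question mark is kept literal, since that is the behaviour callers will rely on.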
vlsi
Nov 20, 2015
Member
Please put "shortest branch" first, please always use braces (it seems to be the project style)
I did a quick check with select * from pg_operator where oprname like '%??%' and it looks like there are no built-in operators with double question marks. @laurenz, can you please add a test that ?? is converted back to ? when using a simple statement?
Make the code adhere to project style guidelines. The new test verifies that double question marks will work with simple statements.
Thanks for the feedback; I improved the code and added another regression test.
I'm a little concerned that we now have two different ways to do this. One
I don't say that it is very pretty, but my impression is that the ?? escape is slightly hacky and nonstandard itself. My change is driven by the desire to follow the principle of least astonishment. I admit that it feels a little like DWIM, but I can't think of a case where it could go wrong.
My thought is that someone switching between statements and prepared
I have seen a user who was surprised by the necessity to escape question marks. Now what cases could cause surprise with the new behaviour:
I'm inclined to +1 for the change
Here is where the documentation for the site lives Wondering if we can get corresponding docs ? Dave Cramer On 20 November 2015 at 10:13, Vladimir Sitnikov notifications@github.com
I'd be happy to contribute documentation, but I need help:
They are markdown files and github will almost display them. They use jekyll to build them http://jekyllrb.com/docs/configuration/ Thanks! Dave Cramer On 23 November 2015 at 03:12, Laurenz Albe notifications@github.com wrote:
Thanks, but my question remains:
In the file doc/pgjdbc.xml in the pgjdbc project, I find ?-contained operator escapes documented, but not in the www project. Can you explain that?
Yes, in documention/head. As for the docs in /docs. I need to delete that file Dave Cramer On 23 November 2015 at 06:58, Laurenz Albe notifications@github.com wrote:
I cannot install jekyll on my RHEL 6 machine.
On 23 November 2015 at 10:59, Laurenz Albe notifications@github.com wrote:
Not that I am aware of ?
Ok, my best effort is here: pgjdbc/www#16
I guess you'll want to merge this request since you merged the documentation for it :^)
Replace question marks only in PreparedStatements
In this thread Thomas Kellerer uttered his surprise that question marks are replaced with positional parameters in a java.sql.Statement.
I think that is a bug, and I came up with this patch to fix it.
My only concern is that this is a behaviour change that might break existing code...