You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ant.apache.org by bu...@apache.org on 2004/08/05 23:48:44 UTC

DO NOT REPLY [Bug 30502] New: - SQLExec: treatment of "--" inside of strings

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=30502>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=30502

SQLExec:  treatment of "--" inside of strings

           Summary: SQLExec:  treatment of "--" inside of strings
           Product: Ant
           Version: 1.6.1
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Core tasks
        AssignedTo: dev@ant.apache.org
        ReportedBy: jkan@iconstructs.com


I found this in v1.6.1, but the code looks like it didn't change in 1.6.2.

The code in SQLExec.runStatements(Reader reader, PrintStream out) that parses
the sql input into individual statements fails if the input contains a string
with "--" inside of it.  So, for example, if the input looks like

   INSERT INTO some_table VALUES (1, "Blah blah blah--blah blah blah");
   INSERT INTO some_table VALUES (2, "Blah blah blah blah blah blah");

it never finds the first delimiter character, so you get a SQL syntax exception:

$ ant blah
Buildfile: build.xml

blah:
      [sql] Executing commands
      [sql] Failed to execute:   INSERT INTO some_table VALUES (1, 'Blah blah
blah--blah blah blah');
      [sql]  INSERT INTO some_table VALUES (2, "Blah blah blah blah blah blah")

BUILD FAILED
C:\ici\r180\build\build.xml:814: java.sql.SQLException: Syntax error or access
violation,  message from server: "You have an error in your SQL syntax.  Check
the manual that corresponds to your MySQL
server version for the right syntax to use near ';
 INSERT INTO some_table VALUES (2, "Blah blah blah blah blah "

Total time: 2 seconds


The same sql seems to work from the "mysql" command line and other jdbc-based tools.

Here's the problem:

            // SQL defines "--" as a comment to EOL
            // and in Oracle it may contain a hint
            // so we cannot just remove it, instead we must end it
            if (!keepformat) {
                if (line.indexOf("--") >= 0) {
                    sql.append("\n");
                }
            }
            if ((delimiterType.equals(DelimiterType.NORMAL)
                 && sql.toString().endsWith(delimiter))
                ||
                (delimiterType.equals(DelimiterType.ROW)
                 && line.equals(delimiter))) {
                execSQL(sql.substring(0, sql.length() - delimiter.length()),
                        out);
                sql.replace(0, sql.length(), "");
            }


The code that looks for the delimiter character checks only that the sql buffer
endsWith ";", but the previous section appends a " " or "\n" character to the
sql buffer, so we never find it.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org