You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "Knut Anders Hatlen (JIRA)" <ji...@apache.org> on 2008/05/21 14:05:55 UTC
[jira] Updated: (DERBY-3682) SYSCS_BULK_INSERT doesn't quote
identifiers or strings properly
[ https://issues.apache.org/jira/browse/DERBY-3682?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Knut Anders Hatlen updated DERBY-3682:
--------------------------------------
Attachment: d3682.diff
The attached patch fixes the missing escaping of identifiers and literals. I also modified VTITest so that it runs the bulk insert test with a table whose name contains " and '.
Ideally, the SYSCS_BULK_INSERT procedure should have used question marks and setString() instead of manually escaped string literals in the SQL text it built, but the parameters to the Warehouse VTI used in VTITest are required at compile time, and the test therefore failed if the statement was parametrized.
I have started the regression tests.
> SYSCS_BULK_INSERT doesn't quote identifiers or strings properly
> ---------------------------------------------------------------
>
> Key: DERBY-3682
> URL: https://issues.apache.org/jira/browse/DERBY-3682
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.4.1.3
> Reporter: Knut Anders Hatlen
> Assignee: Knut Anders Hatlen
> Priority: Minor
> Attachments: d3682.diff
>
>
> Discovered by Mamta A. Satoor in DERBY-1062.
> SYSCS_BULK_INSERT builds an insert statement in which it doesn't quote the schema name or the table name. It also takes string parameters that are inserted into the statement text with single quotes around them, but that won't work if those strings contain single quote characters.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.