Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-4654

Restriction.toSQL() doesn't escape special characters

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 10.6.1.0
    • Fix Version/s: 10.6.2.1, 10.7.1.1
    • Component/s: SQL
    • Labels:
      None

      Description

      org.apache.derby.vti.Restriction.toSQL() adds double quotes around column names, but it does not escape the special characters (like double quotes) in the column names, so the returned string may not be valid SQL. This could cause problems when using the restriction to generate a query against an external database.

      Restriction.doubleQuote() should use IdUtil.normalToDelimited() to get proper quoting of the names.

        Attachments

        1. derby-4654.diff
          5 kB
          Knut Anders Hatlen
        2. derby-4654-2.diff
          5 kB
          Knut Anders Hatlen

          Activity

            People

            • Assignee:
              knutanders Knut Anders Hatlen
              Reporter:
              knutanders Knut Anders Hatlen
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: