Derby
  1. Derby
  2. DERBY-5157

Incomplete quoting of SQL identifiers in AlterTableConstantAction

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 10.7.1.1
    • Fix Version/s: 10.8.1.2
    • Component/s: SQL
    • Labels:
      None
    • Issue & fix info:
      Repro attached

      Description

      AlterTableConstantAction generates SQL statements various places. Identifiers (schema names, table names, column names) are surrounded with double quotes in case they contain special characters. This is not enough if the identifiers contain double quotes, as can be seen with this example:

      ij> create table t(x int);
      0 rows inserted/updated/deleted
      ij> alter table t add column """" int default 42;
      ERROR 42X01: Syntax error: Encountered "\"" at line 1, column 22.

      I've found three places where AlterTableConstantAction generates SQL statements: updateNewColumnToDefault(), updateNewAutoincrementColumn(), getColumnMax(). All three places suffer from this problem.

      1. derby-5157-1a.diff
        4 kB
        Knut Anders Hatlen

        Issue Links

          Activity

          No work has yet been logged on this issue.

            People

            • Assignee:
              Knut Anders Hatlen
              Reporter:
              Knut Anders Hatlen
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development