Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-5157

Incomplete quoting of SQL identifiers in AlterTableConstantAction

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.7.1.1
    • Fix Version/s: 10.8.1.2
    • Component/s: SQL
    • Labels:
      None
    • Issue & fix info:
      Repro attached

      Description

      AlterTableConstantAction generates SQL statements various places. Identifiers (schema names, table names, column names) are surrounded with double quotes in case they contain special characters. This is not enough if the identifiers contain double quotes, as can be seen with this example:

      ij> create table t(x int);
      0 rows inserted/updated/deleted
      ij> alter table t add column """" int default 42;
      ERROR 42X01: Syntax error: Encountered "\"" at line 1, column 22.

      I've found three places where AlterTableConstantAction generates SQL statements: updateNewColumnToDefault(), updateNewAutoincrementColumn(), getColumnMax(). All three places suffer from this problem.

        Attachments

        1. derby-5157-1a.diff
          4 kB
          Knut Anders Hatlen

          Issue Links

            Activity

              People

              • Assignee:
                knutanders Knut Anders Hatlen
                Reporter:
                knutanders Knut Anders Hatlen
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: