Details
Bug
Status: Closed
Major
Resolution: Not A Problem
1.4, 1.5
None
Windows XP Pro SP3
java 1.6.0.18
Solr 1.4 and Solr 1.5-dev using example-DIH and example start.jar
MySQL 5.1
Description
SQL queries are not being properly escaped. Single quotes are being passed to the SQL driver. Despite line 78 of EvaluatorBag.java, single quotes are being retrieved in fields from the parent entity. When a field containing a single quote is referenced via a variable in a child entity's query string, it does not get escaped.
I have tested this in both 1.4 and 1.5-dev and receive the same result. Below is the error that I received when this happened:
SEVERE: Exception while processing: person document : solrInputDocument[{Person_hasAlias=Person_hasAlias(1.0)={Al'fiuwa}, id=id(1.0)={http://x.yz/bk/aya/}, Person_hasTempRi=Person_hasTempRi(1.0)={http://x.yz/bk/aya/ > Al'fiuwa}, Person_hasEmailAddress=Person_hasEmailAddress(1.0)={aya@bk.yz}}]
org.apache.solr.handler.dataimport.DataImportHandlerException: Unable to execute query: SELECT * FROM Message WHERE hasAuthor='http://x.yz/bk/aya/ > Al'fiuwa' Processing Document # 593
at org.apache.solr.handler.dataimport.DataImportHandlerException.wrapAndThrow(DataImportHandlerException.java:72)
at org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.<init>(JdbcDataSource.java:251)
at org.apache.solr.handler.dataimport.JdbcDataSource.getData(JdbcDataSource.java:208)
at org.apache.solr.handler.dataimport.JdbcDataSource.getData(JdbcDataSource.java:39)
at org.apache.solr.handler.dataimport.SqlEntityProcessor.initQuery(SqlEntityProcessor.java:58)
at org.apache.solr.handler.dataimport.SqlEntityProcessor.nextRow(SqlEntityProcessor.java:71)
at org.apache.solr.handler.dataimport.EntityProcessorWrapper.nextRow(EntityProcessorWrapper.java:233)
at org.apache.solr.handler.dataimport.DocBuilder.buildDocument(DocBuilder.java:580)
at org.apache.solr.handler.dataimport.DocBuilder.buildDocument(DocBuilder.java:606)
at org.apache.solr.handler.dataimport.DocBuilder.doFullDump(DocBuilder.java:261)
at org.apache.solr.handler.dataimport.DocBuilder.execute(DocBuilder.java:185)
at org.apache.solr.handler.dataimport.DataImporter.doFullImport(DataImporter.java:333)
at org.apache.solr.handler.dataimport.DataImporter.runCmd(DataImporter.java:391)
at org.apache.solr.handler.dataimport.DataImporter$1.run(DataImporter.java:372)
Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'fiuwa'' at line 1
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:406)
at com.mysql.jdbc.Util.getInstance(Util.java:381)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1030)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:956)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3515)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3447)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1951)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2101)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2548)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2477)
at com.mysql.jdbc.StatementImpl.execute(StatementImpl.java:741)
at com.mysql.jdbc.StatementImpl.execute(StatementImpl.java:587)
at org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.<init>(JdbcDataSource.java:244)
... 12 more
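
The failure in the report, reproduced as an added example (not part of the original issue and not Solr's code): a parent-row value containing a single quote is substituted into a child query string raw, with quote doubling, and as a bound parameter. Assumptions: sqlite3 stands in for MySQL, the table and column names are taken from the error message above, the `${person.Person_hasTempRi}` child query is a guess at the reporter's configuration, and `resolve`, `to_bound`, `make_db` and `run_child_query` are hypothetical helpers.

```python
import re
import sqlite3

# Constructed sample row, using the field value shown in the error message.
PARENT_ROW = {"Person_hasTempRi": "http://x.yz/bk/aya/ > Al'fiuwa"}
# Assumed child-entity query: the parent field is referenced inside a quoted literal.
CHILD_QUERY = "SELECT * FROM Message WHERE hasAuthor='${person.Person_hasTempRi}'"
VAR = re.compile(r"\$\{person\.(\w+)\}")


def resolve(template, row, escape=False):
    """Hypothetical stand-in for substituting parent fields into a query string."""
    def sub(match):
        value = row[match.group(1)]
        # Doubling the quote keeps the value inside the SQL string literal.
        return value.replace("'", "''") if escape else value
    return VAR.sub(sub, template)


def to_bound(template, row):
    """Replace each quoted '${person.x}' literal with ? and collect the values."""
    params = []
    def sub(match):
        params.append(row[match.group(1)])
        return "?"
    return re.sub(r"'\$\{person\.(\w+)\}'", sub, template), params


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Message (id INTEGER, hasAuthor TEXT)")
    db.execute("INSERT INTO Message VALUES (1, ?)", (PARENT_ROW["Person_hasTempRi"],))
    db.execute("INSERT INTO Message VALUES (2, 'someone else')")
    return db


def run_child_query(mode):
    """mode is 'raw', 'escaped' or 'bound'; returns matching ids or the error text."""
    db = make_db()
    try:
        if mode == "bound":
            sql, params = to_bound(CHILD_QUERY, PARENT_ROW)
            return [r[0] for r in db.execute(sql, params)]
        sql = resolve(CHILD_QUERY, PARENT_ROW, escape=(mode == "escaped"))
        return [r[0] for r in db.execute(sql)]
    except sqlite3.OperationalError as exc:
        return "syntax error: %s" % exc


if __name__ == "__main__":
    for mode in ("raw", "escaped", "bound"):
        print(mode, "->", run_child_query(mode))
```

In a DIH child-entity query, the counterpart of the quote-doubling branch is wrapping the variable in the `escapeSql` function, as in `'${dataimporter.functions.escapeSql(person.Person_hasTempRi)}'`.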