Solr / SOLR-1831

DataImportHandler not escaping single quotes

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Not a Problem
    • Affects Version/s: 1.4, 1.5
    • Fix Version/s: None
    • Environment:

      Windows XP Pro SP3
      java 1.6.0.18
      Solr 1.4 and Solr 1.5-dev using example-DIH and example start.jar
      MySQL 5.1

      Description

      SQL queries are not being properly escaped. Single quotes are being passed to the SQL driver. Despite line 78 of EvaluatorBag.java, single quotes are being retrieved in fields from the parent entity. When a field containing a single quote is referenced via a variable in a child entity's query string, it does not get escaped.

      I have tested this in both 1.4 and 1.5-dev and receive the same result. Below is the error that I received when this happened:

      SEVERE: Exception while processing: person document : solrInputDocument[{Person_hasAlias=Person_hasAlias(1.0)={Al'fiuwa}, id=id(1.0)={http://x.yz/bk/aya/}, Person_hasTempRi=Person_hasTempRi(1.0)={http://x.yz/bk/aya/ > Al'fiuwa}, Person_hasEmailAddress=Person_hasEmailAddress(1.0)={aya@bk.yz}}]
      org.apache.solr.handler.dataimport.DataImportHandlerException: Unable to execute query: SELECT * FROM Message WHERE hasAuthor='http://x.yz/bk/aya/ > Al'fiuwa' Processing Document # 593
      at org.apache.solr.handler.dataimport.DataImportHandlerException.wrapAndThrow(DataImportHandlerException.java:72)
      at org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.<init>(JdbcDataSource.java:251)
      at org.apache.solr.handler.dataimport.JdbcDataSource.getData(JdbcDataSource.java:208)
      at org.apache.solr.handler.dataimport.JdbcDataSource.getData(JdbcDataSource.java:39)
      at org.apache.solr.handler.dataimport.SqlEntityProcessor.initQuery(SqlEntityProcessor.java:58)
      at org.apache.solr.handler.dataimport.SqlEntityProcessor.nextRow(SqlEntityProcessor.java:71)
      at org.apache.solr.handler.dataimport.EntityProcessorWrapper.nextRow(EntityProcessorWrapper.java:233)
      at org.apache.solr.handler.dataimport.DocBuilder.buildDocument(DocBuilder.java:580)
      at org.apache.solr.handler.dataimport.DocBuilder.buildDocument(DocBuilder.java:606)
      at org.apache.solr.handler.dataimport.DocBuilder.doFullDump(DocBuilder.java:261)
      at org.apache.solr.handler.dataimport.DocBuilder.execute(DocBuilder.java:185)
      at org.apache.solr.handler.dataimport.DataImporter.doFullImport(DataImporter.java:333)
      at org.apache.solr.handler.dataimport.DataImporter.runCmd(DataImporter.java:391)
      at org.apache.solr.handler.dataimport.DataImporter$1.run(DataImporter.java:372)
      Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'fiuwa'' at line 1
      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
      at java.lang.reflect.Constructor.newInstance(Unknown Source)
      at com.mysql.jdbc.Util.handleNewInstance(Util.java:406)
      at com.mysql.jdbc.Util.getInstance(Util.java:381)
      at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1030)
      at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:956)
      at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3515)
      at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3447)
      at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1951)
      at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2101)
      at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2548)
      at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2477)
      at com.mysql.jdbc.StatementImpl.execute(StatementImpl.java:741)
      at com.mysql.jdbc.StatementImpl.execute(StatementImpl.java:587)
      at org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.<init>(JdbcDataSource.java:244)
      ... 12 more

        Activity

        Kevin created issue -
        Kevin added a comment -

        Forgot to mention I was using the provided examples

        Kevin made changes -
        Field: Environment
        Original Value: Windows XP Pro SP3; java 1.6.0.18; Solr 1.4, Solr 1.5 dev; MySQL 5.1
        New Value: Windows XP Pro SP3; java 1.6.0.18; Solr 1.4 and Solr 1.5-dev using example-DIH and example start.jar; MySQL 5.1
        Noble Paul added a comment -

        This is not a bug. Use the escapeSql function to escape special chars.

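A data-config.xml sketch of the suggestion above, added here as an illustration and not taken from the reporter's configuration or from the Solr example files. The JDBC URL, credentials, the Person table and the hasTempRi/hasAlias/hasEmailAddress column names are assumptions; Message, hasAuthor and the Solr field names come from the error log. The commented-out entity is the form that produced the failing query.

```xml
<dataConfig>
  <!-- Assumed connection settings; replace with your own. -->
  <dataSource type="JdbcDataSource"
              driver="com.mysql.jdbc.Driver"
              url="jdbc:mysql://localhost/exampledb"
              user="solr"
              password="CHANGE_ME"/>
  <document>
    <!-- Parent entity: its rows can contain values such as
         http://x.yz/bk/aya/ > Al'fiuwa (single quote included). -->
    <entity name="person" query="SELECT * FROM Person">
      <field column="hasTempRi" name="Person_hasTempRi"/>
      <field column="hasAlias" name="Person_hasAlias"/>
      <field column="hasEmailAddress" name="Person_hasEmailAddress"/>

      <!-- Failing form: the parent value is pasted into the SQL text as-is,
           so the quote in Al'fiuwa ends the string literal early.
      <entity name="message"
              query="SELECT * FROM Message WHERE hasAuthor='${person.hasTempRi}'"/>
      -->

      <!-- Corrected form: the variable is passed through escapeSql before
           it is substituted into the child query. -->
      <entity name="message"
              query="SELECT * FROM Message WHERE hasAuthor='${dataimporter.functions.escapeSql(person.hasTempRi)}'"/>
    </entity>
  </document>
</dataConfig>
```

Every variable that is substituted inside a quoted SQL literal in a child entity needs the same wrapping, since DIH inserts the resolved value into the query text before it reaches the JDBC driver.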
        Kevin added a comment -

        Wow, I didn't know I was that dumb. Thanks for pointing out the escapeSql function, and sorry for wasting your time.

        Kevin added a comment -

        Dumb user; disregard.

        Kevin made changes -
        Status: Original Value Open [ 1 ], New Value Closed [ 6 ]
        Resolution: New Value Not A Problem [ 8 ]

          People

          • Assignee: Unassigned
          • Reporter: Kevin
          • Votes: 0
          • Watchers: 2
