Re: [INTERFACES] New code for JDBC driver
From | Bruce Momjian |
---|---|
Subject | Re: [INTERFACES] New code for JDBC driver |
Date | |
Msg-id | 200106301642.f5UGgkj14915@candle.pha.pa.us |
List | pgsql-jdbc |
> No response for my query since yesterday.
>
> I've changed the code in Connection.escapeSQL() to look for semicolons
> outside '' and ""'s.
>
> It's not been well tested, but it seems to work. Someone might want to add
> it to the source tree, or to their own local versions if they wish.
>

OK, here is the diff, I think. Can jdbc people comment on it?

--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026

*** Connection.java Wed Jun 6 20:09:32 2001 --- /bjm/x Sat Jun 30 12:35:39 2001 *************** *** 931,937 **** --- 21,123 ---- index = sql.indexOf("{d"); } //System.out.println ("modified SQL: " + sql); + + + + + //---- Added by Arsalan + String query = sql; + + //2== uninitialised 1==true 0==false + int openTick = 2; + int openQuote = 2; + char oneChar; + + // query = query.toLowerCase(); + + if(query.indexOf(";") == -1) // no semi's at all + { return sql; } + for(int i=0; i<query.length(); i++) + { + oneChar = query.charAt(i); + + if((oneChar == ';' && openTick == 0 && openQuote != 1) || (oneChar == ';' && openQuote == 0 && openTick != 1)) + { + throw new SQLException("Found an external SEMICOLON!! at i = "+i); + } + + if(oneChar == '\'') //is a ' + { + + System.out.println("in '"); + int j = i; + if(++j < query.length()) + { + if(query.charAt(j) == '\'') //is an escape + { + i++; //skip them + continue; + } + else //genuine tick! + { + if(openTick == 0) + { + openTick = 1; + } + else if(openTick == 1) + { + openTick = 0; + } + else if(openTick == 2) //initialise it + { + openTick = 1; + } + } + } + } + + + if(oneChar == '"') //is a " + { + System.out.println("in \""); + int j = i; + if(++j < query.length()) + { + if(query.charAt(j) == '"') //is an escape + { + i++; //skip them + continue; + } + else //genuine quote! 
+ { + if(openQuote == 0) + { + openQuote = 1; + } + else if(openQuote == 1) + { + openQuote = 0; + } + else if(openQuote == 2) //initialise it + { + openQuote = 1; + } + } + } + } + + + } + + + + + //------Addition ends + + + + return sql; }
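
Review bot: The semicolon test at the top of the `for` loop never fires while both `openTick` and `openQuote` still hold their initial value 2, because each branch requires one of them to equal 0. A statement that contains a semicolon but no quote characters, or a semicolon ahead of the first quote, is returned unchanged. Two booleans initialised to false, tested as `oneChar == ';' && !inTick && !inQuote` (the names are only a suggestion), would close that gap and drop the three-state encoding. The two quote states are also tracked independently of each other: a `'` inside a double-quoted identifier, or a `"` inside a string literal, flips the other flag, and the scanner then treats the rest of the statement as being inside a literal. `openTick` should only toggle when not inside double quotes, and vice versa. The two `System.out.println("in ...")` calls look like leftover debugging output and should be removed before this goes into the driver.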