Recent changes to bugshttps://sourceforge.net/p/judoscript/bugs/2006-03-23T06:39:25ZRecent changes to bugsError in DBHandle.checkNamedBindParameters2006-03-23T06:39:25Z2006-03-23T06:39:25ZAlfons Spiegelhauerhttps://sourceforge.net/u/spiegelhauer/https://sourceforge.nete72e8eb802a5d2218de1c4e14545217b6e5a3976<div class="markdown_content"><p>checkNamedBindParameters in DBHandle seems very buggy!!</p>
<p>for (int i=0; i<sql.length(); ++i) {<br />
char ch = sql.charAt(i);<br />
switch(state) {<br />
case 1: // state of in-string<br />
switch(ch) {<br />
case ':': state = 2; ch = '?'; break;<br />
case '\'': state = 1; break;<br />
default: sb.append(ch); break;<br />
}<br />
break;</p>
<p>case 2: // state of the parameter name<br />
if (!Character.isJavaIdentifierPart(ch)) {<br />
state = 0;<br />
sb.append(ch);<br />
namedBindParameters.put(sb1.toString(), new<br />
Integer(idx++));<br />
sb1.setLength(0);<br />
} else {<br />
sb1.append(ch);<br />
}<br />
break;<br />
default: // original state<br />
switch(ch) {<br />
case ':': state = 2; ch = '?'; break;<br />
case '\'': state = 1; break;<br />
}<br />
sb.append(ch);<br />
break;<br />
}<br />
}</p>
<p>case 1 seems to be an "in-string" state entered by "'"<br />
from default state. But in case 1 the termination of<br />
the string "'" is never added to the sql string.</p>
<p>It's possible to enter a parametername inside a quoted<br />
string? In the implementation it seems to be possible.</p>
<p>What is with a string quoted by '"'?</p></div>