https://sourceforge.net/p/judoscript/bugs/Recent changes to bugsenThu, 23 Mar 2006 06:39:25 -0000https://sourceforge.net/p/judoscript/bugs/1/<div class="markdown_content"><p>checkNamedBindParameters in DBHandle seems very buggy!!</p> <p>for (int i=0; i&lt;sql.length(); ++i) {<br /> char ch = sql.charAt(i);<br /> switch(state) {<br /> case 1: // state of in-string<br /> switch(ch) {<br /> case ':': state = 2; ch = '?'; break;<br /> case '\'': state = 1; break;<br /> default: sb.append(ch); break;<br /> }<br /> break;</p> <p>case 2: // state of the parameter name<br /> if (!Character.isJavaIdentifierPart(ch)) {<br /> state = 0;<br /> sb.append(ch);<br /> namedBindParameters.put(sb1.toString(), new<br /> Integer(idx++));<br /> sb1.setLength(0);<br /> } else {<br /> sb1.append(ch);<br /> }<br /> break;<br /> default: // original state<br /> switch(ch) {<br /> case ':': state = 2; ch = '?'; break;<br /> case '\'': state = 1; break;<br /> }<br /> sb.append(ch);<br /> break;<br /> }<br /> }</p> <p>case 1 seems to be an "in-string" state entered by "'"<br /> from default state. But in case 1 the termination of<br /> the string "'" is never added to the sql string.</p> <p>It's possible to enter a parametername inside a quoted<br /> string? In the implementation it seems to be possible.</p> <p>What is with a string quoted by '"'?</p></div>Alfons SpiegelhauerThu, 23 Mar 2006 06:39:25 -0000https://sourceforge.nete72e8eb802a5d2218de1c4e14545217b6e5a3976