Skip Menu |
 

This queue is for tickets about the SQL-Statement CPAN distribution.

Report information
The Basics
Id: 55190
Status: stalled
Priority: 0/
Queue: SQL-Statement

People
Owner: Nobody in particular
Requestors: joseignacio.hernando [...] upm.es
kennedyri [...] gmail.com
rafaeldomingues [...] ubix.com.br
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Parser strips comments from within quoted strings
Date: Wed, 3 Mar 2010 12:32:15 -0600
To: bug-SQL-Statement <bug-SQL-Statement [...] rt.cpan.org>
From: Rob Kennedy <kennedyri [...] gmail.com>
Download (untitled) / with headers
text/plain 990b
When an SQL statement contains two consecutive dashes, SQL::Parser::parse strips the remainder of the line, even when those dashes are part of another token. use SQL::Statement; $parser = SQL::Parser->new(); $stmt = SQL::Statement->new("select a from b where good = 'good' ", $parser); $stmt = SQL::Statement->new("select a from b where passes = '--'\n' ", $parser); $stmt = SQL::Statement->new("select a from b where bad = '--' ", $parser); The "good" case is fine. The "passes" case should fail due to the extra apostrophe at the end of the input, after the newline, but the parser accepts it. The "bad" case should pass because the dashes are inside a quoted string. The error I get: Mismatched single quote before: 'select a from b where bad = '' I'm using SQL::Statement 1.23 with Perl 5.10.0 on Solaris 10. It's clear from Parser.pm line 85 what the problem is. The regular expression to strip the first comment gets applied before any tokenization. -- Rob Kennedy
Download (untitled) / with headers
text/plain 250b
From my point of view it's another result of the bug described in RT#53416 and exactly a duplicate of ticket #53617 (https://rt.cpan.org/Ticket/Display.html?id=53617) in the right module. Do you agree? I suggest using the described workaround there.
Subject: Re: [rt.cpan.org #55190] Parser strips comments from within quoted strings
Date: Thu, 4 Mar 2010 09:44:22 -0600
To: bug-SQL-Statement [...] rt.cpan.org
From: Rob Kennedy <kennedyri [...] gmail.com>
Download (untitled) / with headers
text/plain 610b
Yes, I agree it's the same bug as the one described in #53617. It's similar to #53416 inasmuch as they're both caused by Parser "jumping" to the next expected pattern without regard for what it jumped over. In my case, I can't use the placeholder workaround since I'm not in control of the SQL I'm parsing. It's generated during a Sybase database dump. I have no need to execute the SQL, just get table and column names, so I've abandoned SQL::Statement for this project and gone with Parse::RecDescent instead, adapting the grammar at http://www.adp-gmbh.ch/perl/erd.html to handle the few commands I need.
Subject: problem with '--'
Date: Mon, 14 Nov 2011 23:03:18 +0100
To: bug-SQL-Statement [...] rt.cpan.org
From: "jose ignacio hernando" <joseignacio.hernando [...] upm.es>
Download (untitled) / with headers
text/plain 826b
*Distribution name and version DBD::Excel is up to date (0.06). Spreadsheet::WriteExcel is up to date (2.37). Spreadsheet::ParseExcel is up to date (0.59). SQL::Statement is up to date (1.33). DBI is up to date (1.616). *Perl version C:\Documents and Settings\etsam>perl -v This is perl 5, version 12, subversion 3 (v5.12.3) built for MSWin32-x86-multi-thread *Operating System vendor and version windows xp delete from excel_quiz where name='c1:test 7:1' and intro='<!--hello-->' Mismatched single quote before: < and intro='<!> at C:/strawberry/perl/site/lib/SQL/Statement.pm line 88 Command 'AND' not recognized or not supported! at C:/strawberry/perl/site/lib/SQL/Statement.pm line 88 The problem is '--' (two -) in the second string
Duplicate - merge into origin to keep you up-to-date
Subject: DBD::CSV parses into quoted data
Date: Thu, 2 Aug 2012 20:40:32 -0300
To: bug-SQL-Statement [...] rt.cpan.org
From: Rafael Domingues <rafaeldomingues [...] ubix.com.br>
Download (untitled) / with headers
text/plain 1.1k
Hello, I've run into a bug when using DBD::CSV on Perl 5.12.4. Basically, if I try to run this script: use DBI; my $destdb = DBI->connect ("dbi:CSV:", "", "", { f_dir => "." }); $destdb->do ("DROP table test"); $destdb->do ("CREATE TABLE test (id INTEGER, value VARCHAR(255))"); $sql="INSERT into test VALUES (1,'--')"; $destdb->do ($sql); I get this error: Mismatched single quote before: <INSERT into test VALUES (1,'> at /opt/local/lib/perl5/site_perl/5.12.4/SQL/Statement.pm line 88 No table name specified! at /opt/local/lib/perl5/site_perl/5.12.4/SQL/Statement.pm line 88 No command found! at /opt/local/lib/perl5/site_perl/5.12.4/SQL/Statement.pm line 88 DBD::CSV::db do failed: No command found! [for Statement "INSERT into test VALUES (1,'--')"] at testfile.pl I've traced it to line 83, on Parser.pm file. I don't know exactly why it's looking for comments there, but if I change the regular expression to not match -- it solves the problem. I wonder why the parser is verifying into quoted data. I believe this can lead to a more serious bug. Thank you for taking your time to check this out. Best regards, Rafael
This ticket already exists - please read ticket queue carefully.
Still no plans to rewrite SQL::Parser due lack of time.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.