Skip Menu |
 

This queue is for tickets about the SQL-Statement CPAN distribution.

Report information
The Basics
Id: 93320
Status: resolved
Priority: 0/
Queue: SQL-Statement

People
Owner: Nobody in particular
Requestors: wyant [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 1.405
Fixed in: 1.406_002



Subject: [patch] SQL-style comment can not begin inside quotes
Download (untitled) / with headers
text/plain 740b
The SQL::Parser parse() method sees something like INSERT INTO FOO VALUES( 'bar -- baz' ) as containing a comment, strips everything after the double dash, and then chokes on the remaining statement, which has (among other problems) an unclosed quote. The attached patch attempts to remedy this by requiring even numbers of quotes before the comment indicator. There is also a patch to the test suite, which fails before applying the patch to the parser. The patches are against version 1.405 from CPAN. I am not sure what severity to assign this. On the one hand it looks to me like a bug. On the other hand, if it has not already been fixed there must not be a lot of queries in the wild that contain double dashes in string literals.
Subject: SQL-Parser.patch
Download SQL-Parser.patch
text/x-diff 472b
--- lib/SQL/Parser.old 2013-05-30 06:20:38.000000000 -0400 +++ lib/SQL/Parser.pm 2014-02-24 16:13:55.000000000 -0500 @@ -83,9 +83,10 @@ # SQL STYLE # - if ( $sql =~ s/(--.*)(\n|$)/$2/ ) + # SQL-style comment can not begin inside quotes. + if ( $sql =~ s/^([^']*?(?:'[^']*'[^'])*?)(--.*)(\n|$)/$1$3/ ) { - $self->{comment} = $1; + $self->{comment} = $2; } ################################################################
Subject: SQL-Statement-t-06virtual.patch
--- t/06virtual.old 2013-05-23 03:00:08.000000000 -0400 +++ t/06virtual.t 2014-02-24 16:16:46.000000000 -0500 @@ -94,6 +94,7 @@ CREATE $temp TABLE baz (ordered INTEGER, class CHAR, color CHAR) INSERT INTO baz VALUES ( 250, 'Car', 'White' ), ( 100, 'Car', 'Blue' ), ( 150, 'Car', 'Red' ) INSERT INTO baz VALUES ( 80, 'Truck', 'White' ), ( 60, 'Truck', 'Green' ) -- Yes, we introduce new cars :) + INSERT INTO baz VALUES ( 666, 'Truck', 'Yellow -- no, blue' ) -- Double dash inside quotes does not introduce comment CREATE $temp TABLE numbers (c_foo INTEGER, foo CHAR, bar INTEGER) CREATE $temp TABLE trick (id INTEGER, foo CHAR) INSERT INTO trick VALUES (1, '1foo') @@ -219,7 +220,7 @@ test => 'ORDER BY on aliased column', sql => "SELECT DISTINCT biz.class, baz.color AS foo FROM biz, baz WHERE biz.class = baz.class ORDER BY foo", result => [ - [ qw(Car Blue) ], [ qw(Truck Green) ], [ qw(Car Red) ], [ qw(Car White) ], [ qw(Truck White) ], + [ qw(Car Blue) ], [ qw(Truck Green) ], [ qw(Car Red) ], [ qw(Car White) ], [ qw(Truck White) ], [ Truck => 'Yellow -- no, blue' ], ], }, {


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.