Bug #57957 for DBD-ODBC: dbd_preparse not ignoring placeholders in comments

Fri May 28 15:52:51 2010 MPREWITT [...] cpan.org - Ticket created

CC:	prewittm [...] ms.com
Subject:	dbd_preparse not ignoring placeholders in comments

We encountered the 'DBD::ODBC does not yet support binding a named parameter more than once' error when something that looked like a placeholder was found in the SQL comments part of a query like this: /* $Date: 2010/05/01 12:00:00 */ select * from tb The :00 and :00 were interpreted as placeholders. I looked at dbd_preparse in dbdimp.c and see why it is happening. It looks like there is no detection as to whether you are in or outside of a comment. If you look at the recent versions of dbdimp.c in DBD::Sybase, you'll see they've added code to detect this this situation and ignore anything inside line or block comments: while (*src) { next_state = state; /* default situation */ while (*src) { next_state = state; /* default situation */ switch (state) { case DEFAULT: if (*src == '\'' || *src == '"') { last_literal = *src; next_state = LITERAL; } else if (*src == '/' && *(src+1) == '*') { next_state = COMMENT; } else if (*src == '-' && *(src+1) == '-') { next_state = LINE_COMMENT; } else if (*src == '@') { varname[0] = '@'; pos = 1; next_state = VARIABLE; } break; case LITERAL: if (*src == last_literal) { next_state = DEFAULT; } break; case COMMENT: if (*(src-1) == '*' && *src == '/') { next_state = DEFAULT; } break; case LINE_COMMENT: if (*src == '\n') { next_state = DEFAULT; } break; case VARIABLE: if (!isalnum(*src) && *src != '_') { varname[pos] = 0; next_state = DEFAULT; } else if (pos < VARNAME_LEN) { varname[pos++] = *src; } } It would be great to add this to the ODBC version of dbdimp.c (looks like it was originally copied from the DBD::Sybase implementation (or a common base)).

Tue Jun 01 09:17:56 2010 bohica [...] ntlworld.com - Correspondence added

On Fri May 28 15:52:51 2010, MPREWITT wrote: Show quoted text

> We encountered the 'DBD::ODBC does not yet support binding a named > parameter more than once' error when something that looked like a > placeholder was found in the SQL comments part of a query like this: > > /* $Date: 2010/05/01 12:00:00 */ > select * from tb > > The :00 and :00 were interpreted as placeholders. I looked at > dbd_preparse in dbdimp.c and see why it is happening. It looks like > there is no detection as to whether you are in or outside of a comment. > If you look at the recent versions of dbdimp.c in DBD::Sybase, you'll > see they've added code to detect this this situation and ignore anything > inside line or block comments: > > while (*src) { > next_state = state; /* default situation */ > while (*src) { > next_state = state; /* default situation */ > switch (state) { > case DEFAULT: > if (*src == '\'' || *src == '"') { > last_literal = *src; > next_state = LITERAL; > } else if (*src == '/' && *(src+1) == '*') { > next_state = COMMENT; > } else if (*src == '-' && *(src+1) == '-') { > next_state = LINE_COMMENT; > } else if (*src == '@') { > varname[0] = '@'; > pos = 1; > next_state = VARIABLE; > } > break; > case LITERAL: > if (*src == last_literal) { > next_state = DEFAULT; > } > break; > case COMMENT: > if (*(src-1) == '*' && *src == '/') { > next_state = DEFAULT; > } > break; > case LINE_COMMENT: > if (*src == '\n') { > next_state = DEFAULT; > } > break; > case VARIABLE: > if (!isalnum(*src) && *src != '_') { > varname[pos] = 0; > next_state = DEFAULT; > } else if (pos < VARNAME_LEN) { > varname[pos++] = *src; > } > } > > It would be great to add this to the ODBC version of dbdimp.c (looks > like it was originally copied from the DBD::Sybase implementation (or a > common base)).

I've no idea where that code came from - before my time. I will try and add this in 1.24_2. Martin -- Martin J. Evans Wetherby, UK

Tue Jun 01 09:17:59 2010 The RT System itself - Status changed from 'new' to 'open'

Mon Jun 07 15:04:01 2010 bohica [...] ntlworld.com - Correspondence added

On Fri May 28 15:52:51 2010, MPREWITT wrote: Show quoted text

> We encountered the 'DBD::ODBC does not yet support binding a named > parameter more than once' error when something that looked like a > placeholder was found in the SQL comments part of a query like this: > > /* $Date: 2010/05/01 12:00:00 */ > select * from tb > > The :00 and :00 were interpreted as placeholders. I looked at > dbd_preparse in dbdimp.c and see why it is happening. It looks like > there is no detection as to whether you are in or outside of a comment. > If you look at the recent versions of dbdimp.c in DBD::Sybase, you'll > see they've added code to detect this this situation and ignore anything > inside line or block comments: > > while (*src) { > next_state = state; /* default situation */ > while (*src) { > next_state = state; /* default situation */ > switch (state) { > case DEFAULT: > if (*src == '\'' || *src == '"') { > last_literal = *src; > next_state = LITERAL; > } else if (*src == '/' && *(src+1) == '*') { > next_state = COMMENT; > } else if (*src == '-' && *(src+1) == '-') { > next_state = LINE_COMMENT; > } else if (*src == '@') { > varname[0] = '@'; > pos = 1; > next_state = VARIABLE; > } > break; > case LITERAL: > if (*src == last_literal) { > next_state = DEFAULT; > } > break; > case COMMENT: > if (*(src-1) == '*' && *src == '/') { > next_state = DEFAULT; > } > break; > case LINE_COMMENT: > if (*src == '\n') { > next_state = DEFAULT; > } > break; > case VARIABLE: > if (!isalnum(*src) && *src != '_') { > varname[pos] = 0; > next_state = DEFAULT; > } else if (pos < VARNAME_LEN) { > varname[pos++] = *src; > } > } > > It would be great to add this to the ODBC version of dbdimp.c (looks > like it was originally copied from the DBD::Sybase implementation (or a > common base)).

Should be fixed in the subversion trunk now. I added support for inline comments (/* comment */) and line comments (-- comment ends on newline). I've also added some tests for it. If you want to give it a go send me you Perl distribution/platform (e.g., if ActiveState, Strawberry or UNIX) and I'll mail you instructions. I will probably release 1.24_2 with this change to CPAN shortly. Martin -- Martin J. Evans Wetherby, UK

Mon Jun 07 15:34:19 2010 marc.prewitt [...] morganstanley.com - Correspondence added

CC:	"Banai, Zoltan" <Zoltan.Banai [...] morganstanley.com>
Subject:	RE: [rt.cpan.org #57957] dbd_preparse not ignoring placeholders in comments
Date:	Mon, 7 Jun 2010 15:33:20 -0400
To:	<bug-DBD-ODBC [...] rt.cpan.org>
From:	"Prewitt, Marc" <Marc.Prewitt [...] morganstanley.com>

Thanks Martin. We're using perl 5.10/unix. We'll give it a try. Zoltan, If we can try this out in /ms/dev I can test it out there. Thanks, Marc Show quoted text

-----Original Message----- From: Martin J Evans via RT [mailto:bug-DBD-ODBC@rt.cpan.org] Sent: Monday, June 07, 2010 3:04 PM To: MPREWITT@cpan.org Cc: Prewitt, Marc (IT) Subject: [rt.cpan.org #57957] dbd_preparse not ignoring placeholders in comments <URL: https://rt.cpan.org/Ticket/Display.html?id=57957 > On Fri May 28 15:52:51 2010, MPREWITT wrote:

> We encountered the 'DBD::ODBC does not yet support binding a named > parameter more than once' error when something that looked like a > placeholder was found in the SQL comments part of a query like this: > > /* $Date: 2010/05/01 12:00:00 */ > select * from tb > > The :00 and :00 were interpreted as placeholders. I looked at > dbd_preparse in dbdimp.c and see why it is happening. It looks like > there is no detection as to whether you are in or outside of a comment. > If you look at the recent versions of dbdimp.c in DBD::Sybase, you'll > see they've added code to detect this this situation and ignore anything > inside line or block comments: > > while (*src) { > next_state = state; /* default situation */ > while (*src) { > next_state = state; /* default situation */ > switch (state) { > case DEFAULT: > if (*src == '\'' || *src == '"') { > last_literal = *src; > next_state = LITERAL; > } else if (*src == '/' && *(src+1) == '*') { > next_state = COMMENT; > } else if (*src == '-' && *(src+1) == '-') { > next_state = LINE_COMMENT; > } else if (*src == '@') { > varname[0] = '@'; > pos = 1; > next_state = VARIABLE; > } > break; > case LITERAL: > if (*src == last_literal) { > next_state = DEFAULT; > } > break; > case COMMENT: > if (*(src-1) == '*' && *src == '/') { > next_state = DEFAULT; > } > break; > case LINE_COMMENT: > if (*src == '\n') { > next_state = DEFAULT; > } > break; > case VARIABLE: > if (!isalnum(*src) && *src != '_') { > varname[pos] = 0; > next_state = DEFAULT; > } else if (pos < VARNAME_LEN) { > varname[pos++] = *src; > } > } > > It would be great to add this to the ODBC version of dbdimp.c (looks > like it was originally copied from the DBD::Sybase implementation (or a > common base)).

Should be fixed in the subversion trunk now. I added support for inline comments (/* comment */) and line comments (-- comment ends on newline). I've also added some tests for it. If you want to give it a go send me you Perl distribution/platform (e.g., if ActiveState, Strawberry or UNIX) and I'll mail you instructions. I will probably release 1.24_2 with this change to CPAN shortly. Martin -- Martin J. Evans Wetherby, UK -------------------------------------------------------------------------- NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law.

Tue Jun 08 04:00:10 2010 bohica [...] ntlworld.com - Correspondence added

On Mon Jun 07 15:34:19 2010, marc.prewitt@morganstanley.com wrote: Show quoted text

> Thanks Martin. We're using perl 5.10/unix. We'll give it a try. > > Zoltan, > > If we can try this out in /ms/dev I can test it out there. > > Thanks, > Marc

If you have a subversion client then do: svn checkout http://svn.perl.org/modules/dbd-odbc/trunk <your directory name here> If you use an HTTP proxy you may need your http_proxy env var setting. Alternatively, mail me (mjevans at cpan dot org) and I'll send you a copy of the trunk. cd <your directory name here> export DBI_DSN=dbi:ODBC:yourdsn export DBI_USER=db_username export DBI_PASS=db_password perl Makefile.PL make make test The test t/rt_57957.t has a few minor tests for placeholders in comments and literals. To run your own perl with this DBD::ODBC either: perl -I<your directory name here>/blib/lib -I<your_directory_name_here>/blib/arch myperl.pl or make install it. Let me know how you get on. Martin -- Martin J. Evans Wetherby, UK

Sun Jun 13 14:57:36 2010 marc.prewitt [...] morganstanley.com - Correspondence added

Subject:	Re: [rt.cpan.org #57957] dbd_preparse not ignoring placeholders in comments
Date:	Sun, 13 Jun 2010 14:57:25 -0400
To:	<bug-DBD-ODBC [...] rt.cpan.org>, <MPREWITT [...] cpan.org>
From:	"Prewitt, Marc" <Marc.Prewitt [...] morganstanley.com>

Initial testing looks good. I'm going to run this version on our devel system for a while and see if anything comes up. Thanks, Marc Show quoted text

----- Original Message ----- From: Martin J Evans via RT <bug-DBD-ODBC@rt.cpan.org> To: MPREWITT@cpan.org <MPREWITT@cpan.org> Cc: Prewitt, Marc (IT) Sent: Tue Jun 08 04:00:12 2010 Subject: [rt.cpan.org #57957] dbd_preparse not ignoring placeholders in comments <URL: https://rt.cpan.org/Ticket/Display.html?id=57957 > On Mon Jun 07 15:34:19 2010, marc.prewitt@morganstanley.com wrote:

> Thanks Martin. We're using perl 5.10/unix. We'll give it a try. > > Zoltan, > > If we can try this out in /ms/dev I can test it out there. > > Thanks, > Marc

If you have a subversion client then do: svn checkout http://svn.perl.org/modules/dbd-odbc/trunk <your directory name here> If you use an HTTP proxy you may need your http_proxy env var setting. Alternatively, mail me (mjevans at cpan dot org) and I'll send you a copy of the trunk. cd <your directory name here> export DBI_DSN=dbi:ODBC:yourdsn export DBI_USER=db_username export DBI_PASS=db_password perl Makefile.PL make make test The test t/rt_57957.t has a few minor tests for placeholders in comments and literals. To run your own perl with this DBD::ODBC either: perl -I<your directory name here>/blib/lib -I<your_directory_name_here>/blib/arch myperl.pl or make install it. Let me know how you get on. Martin -- Martin J. Evans Wetherby, UK -------------------------------------------------------------------------- NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law.

Thu Jun 17 16:28:01 2010 bohica [...] ntlworld.com - Correspondence added

On Sun Jun 13 14:57:36 2010, marc.prewitt@morganstanley.com wrote: Show quoted text

> Initial testing looks good. I'm going to run this version on our devel > system for a while and see if anything comes up. > > Thanks, > Marc

How are you getting on with this. I am close to doing a new development release and would like some reassurance that this change has worked and not broken something. Martin -- Martin J. Evans Wetherby, UK

Fri Jul 23 14:24:04 2010 bohica [...] ntlworld.com - Correspondence added

On Thu Jun 17 16:28:01 2010, MJEVANS wrote: Show quoted text

> On Sun Jun 13 14:57:36 2010, marc.prewitt@morganstanley.com wrote:

> > Initial testing looks good. I'm going to run this version on our devel > > system for a while and see if anything comes up. > > > > Thanks, > > Marc

> > How are you getting on with this. I am close to doing a new development > release and would like some reassurance that this change has worked and > not broken something. > > Martin

This is fixed in DBD::ODBC 1.24_2 which is on its way to CPAN and I will close it as soon as rt sees 1.24_2. Martin -- Martin J. Evans Wetherby, UK

Sat Jul 24 04:31:14 2010 bohica [...] ntlworld.com - Status changed from 'open' to 'resolved'

Sat Jul 24 04:31:15 2010 bohica [...] ntlworld.com - Fixed in 1.24_2 added