Skip Menu |

This queue is for tickets about the SQL-Statement CPAN distribution.

Report information
The Basics
Id: 93320
Status: resolved
Priority: 0/
Queue: SQL-Statement
People
Owner: Nobody in particular
Requestors: wyant [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: Normal
Broken in: 1.405
Fixed in: 1.406_002

History Show all quoted text
  Mon Feb 24 16:43:34 2014 wyant [...] cpan.org - Ticket created
Subject: [patch] SQL-style comment can not begin inside quotes
The SQL::Parser parse() method sees something like INSERT INTO FOO VALUES( 'bar -- baz' ) as containing a comment, strips everything after the double dash, and then chokes on the remaining statement, which has (among other problems) an unclosed quote. The attached patch attempts to remedy this by requiring even numbers of quotes before the comment indicator. There is also a patch to the test suite, which fails before applying the patch to the parser. The patches are against version 1.405 from CPAN. I am not sure what severity to assign this. On the one hand it looks to me like a bug. On the other hand, if it has not already been fixed there must not be a lot of queries in the wild that contain double dashes in string literals.
Subject: SQL-Parser.patch
--- lib/SQL/Parser.old 2013-05-30 06:20:38.000000000 -0400 +++ lib/SQL/Parser.pm 2014-02-24 16:13:55.000000000 -0500 @@ -83,9 +83,10 @@ # SQL STYLE # - if ( $sql =~ s/(--.*)(\n|$)/$2/ ) + # SQL-style comment can not begin inside quotes. + if ( $sql =~ s/^([^']*?(?:'[^']*'[^'])*?)(--.*)(\n|$)/$1$3/ ) { - $self->{comment} = $1; + $self->{comment} = $2; } ################################################################
Subject: SQL-Statement-t-06virtual.patch
--- t/06virtual.old 2013-05-23 03:00:08.000000000 -0400 +++ t/06virtual.t 2014-02-24 16:16:46.000000000 -0500 @@ -94,6 +94,7 @@ CREATE $temp TABLE baz (ordered INTEGER, class CHAR, color CHAR) INSERT INTO baz VALUES ( 250, 'Car', 'White' ), ( 100, 'Car', 'Blue' ), ( 150, 'Car', 'Red' ) INSERT INTO baz VALUES ( 80, 'Truck', 'White' ), ( 60, 'Truck', 'Green' ) -- Yes, we introduce new cars :) + INSERT INTO baz VALUES ( 666, 'Truck', 'Yellow -- no, blue' ) -- Double dash inside quotes does not introduce comment CREATE $temp TABLE numbers (c_foo INTEGER, foo CHAR, bar INTEGER) CREATE $temp TABLE trick (id INTEGER, foo CHAR) INSERT INTO trick VALUES (1, '1foo') @@ -219,7 +220,7 @@ test => 'ORDER BY on aliased column', sql => "SELECT DISTINCT biz.class, baz.color AS foo FROM biz, baz WHERE biz.class = baz.class ORDER BY foo", result => [ - [ qw(Car Blue) ], [ qw(Truck Green) ], [ qw(Car Red) ], [ qw(Car White) ], [ qw(Truck White) ], + [ qw(Car Blue) ], [ qw(Truck Green) ], [ qw(Car Red) ], [ qw(Car White) ], [ qw(Truck White) ], [ Truck => 'Yellow -- no, blue' ], ], }, {
  Tue May 26 03:40:16 2015 REHSACK [...] cpan.org - Status changed from 'new' to 'resolved'
  Tue May 26 03:40:17 2015 REHSACK [...] cpan.org - Fixed in 1.406_002 added