Fix | Fix issues with apostrophe being passed in table name + Improve…
…ments in SQLServerParameterMetadata (#780)
cheenamalhotra authored Sep 25, 2018
1 parent 037a11d commit 98d6962
Showing 36 changed files with 482 additions and 402 deletions.
Expand Up @@ -1712,8 +1712,8 @@ private void getDestinationMetadata() throws SQLServerException {
ResultSet.CONCUR_READ_ONLY, connection.getHoldability(), stmtColumnEncriptionSetting);

// Get destination metadata
rs = stmt.executeQueryInternal(
"sp_executesql N'SET FMTONLY ON SELECT * FROM " + destinationTableName + " '");
rs = stmt.executeQueryInternal("sp_executesql N'SET FMTONLY ON SELECT * FROM "
+ Util.escapeSingleQuotes(destinationTableName) + " '");
}

destColumnCount = rs.getMetaData().getColumnCount();
Expand All @@ -1724,11 +1724,11 @@ private void getDestinationMetadata() throws SQLServerException {
// SQL server prior to 2016 does not support encryption_type
rsMoreMetaData = ((SQLServerStatement) connection.createStatement())
.executeQueryInternal("select collation_name from sys.columns where " + "object_id=OBJECT_ID('"
+ destinationTableName + "') " + "order by column_id ASC");
+ Util.escapeSingleQuotes(destinationTableName) + "') " + "order by column_id ASC");
} else {
rsMoreMetaData = ((SQLServerStatement) connection.createStatement())
.executeQueryInternal("select collation_name, encryption_type from sys.columns where "
+ "object_id=OBJECT_ID('" + destinationTableName + "') " + "order by column_id ASC");
rsMoreMetaData = ((SQLServerStatement) connection.createStatement()).executeQueryInternal(
"select collation_name, encryption_type from sys.columns where " + "object_id=OBJECT_ID('"
+ Util.escapeSingleQuotes(destinationTableName) + "') " + "order by column_id ASC");
}
for (int i = 1; i <= destColumnCount; ++i) {
if (rsMoreMetaData.next()) {
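Review bot: Doubling the quotes in `destinationTableName` only keeps the value inside the `N'...'` literal handed to `sp_executesql`; in the first hunk the inner batch still reads `SELECT * FROM <name>` with the name as raw SQL text, so the statement is only as trustworthy as the table name itself. The two `OBJECT_ID('...')` queries in the second hunk use the name as a plain string literal, where the escape is sufficient. The same pattern appears with `tableName` in the `executeBatch()` and `executeLargeBatch()` hunks. I would at least record the assumption next to the call, e.g. `// name is embedded as SQL text in the inner batch; escaping protects the literal only, so it must be a validated identifier`, and consider validating the name as a multipart identifier before building the query. `getDestinationMetadata()` begins and ends outside both hunks, so any validation done earlier is not visible here.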

Large diffs are not rendered by default.

Expand Up @@ -1970,8 +1970,9 @@ public int[] executeBatch() throws SQLServerException, BatchUpdateException, SQL
try (SQLServerStatement stmt = (SQLServerStatement) connection.createStatement(
ResultSet.TYPE_FORWARD_ONLY, ResultSet.CONCUR_READ_ONLY, connection.getHoldability(),
stmtColumnEncriptionSetting);
SQLServerResultSet rs = stmt.executeQueryInternal(
"sp_executesql N'SET FMTONLY ON SELECT * FROM " + tableName + " '");) {
SQLServerResultSet rs = stmt
.executeQueryInternal("sp_executesql N'SET FMTONLY ON SELECT * FROM "
+ Util.escapeSingleQuotes(tableName) + " '");) {
if (null != columnList && columnList.size() > 0) {
if (columnList.size() != valueList.size()) {
throw new IllegalArgumentException(
Expand Down Expand Up @@ -2123,8 +2124,9 @@ public long[] executeLargeBatch() throws SQLServerException, BatchUpdateExceptio
try (SQLServerStatement stmt = (SQLServerStatement) connection.createStatement(
ResultSet.TYPE_FORWARD_ONLY, ResultSet.CONCUR_READ_ONLY, connection.getHoldability(),
stmtColumnEncriptionSetting);
SQLServerResultSet rs = stmt.executeQueryInternal(
"sp_executesql N'SET FMTONLY ON SELECT * FROM " + tableName + " '");) {
SQLServerResultSet rs = stmt
.executeQueryInternal("sp_executesql N'SET FMTONLY ON SELECT * FROM "
+ Util.escapeSingleQuotes(tableName) + " '");) {
if (null != columnList && columnList.size() > 0) {
if (columnList.size() != valueList.size()) {
throw new IllegalArgumentException(
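Review bot: The `try`-with-resources header that builds the `SET FMTONLY ON` query is duplicated verbatim in `executeBatch()` and `executeLargeBatch()`, now including the `Util.escapeSingleQuotes(tableName)` call, so any later change to how the name is escaped has to be made in two places (three, counting the bulk-copy metadata query). A small private helper that returns the query text, for example `private static String fmtOnlyQuery(String tableName)`, would keep the construction in one spot. Both methods continue outside their hunks, so I cannot see whether they share other setup that could move with it.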
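--- a/src/main/java/com/microsoft/sqlserver/jdbc/Util.java
+++ b/src/main/java/com/microsoft/sqlserver/jdbc/Util.java
@@ -981,6 +981,17 @@ static synchronized boolean checkIfNeedNewAccessToken(SQLServerConnection connec
 static boolean use43Wrapper() {
 return use43Wrapper;
 }
+
+/**
+* Escapes single quotes (') in object name to convert and pass it as String safely.
+*
+* @param name
+* Object name to be passed as String
+* @return Converted object name
+*/
+static String escapeSingleQuotes(String name) {
+return name.replace("'", "''");
+}
 }
 
 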
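Review bot: The Javadoc on `escapeSingleQuotes` says the name can be passed "as String safely" without naming the context, which invites use where quote-doubling is not enough. I would state it precisely: `Doubles every single quote so the value can be embedded in a single-quoted T-SQL string literal; it does not quote or validate the value as an identifier.` The method also dereferences `name` unconditionally, so a null table name surfaces as a `NullPointerException` from `replace`; if callers can pass null (not visible in this hunk), add `@throws NullPointerException if name is null` or guard it.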