List:Internals« Previous MessageNext Message »
From:rburnett Date:October 13 2005 11:16pm
Subject:Connector/NET commit: r193 - in branches/1.0: . TestSuite mysqlclient
View as plain text  
Modified:
   branches/1.0/CHANGES
   branches/1.0/TestSuite/StoredProcedure.cs
   branches/1.0/mysqlclient/StoredProcedure.cs
   branches/1.0/mysqlclient/command.cs
Log:
Bug #13753  	Exception calling stored procedure with special characters in parameters
[fixed]

command.cs - Allow @ to terminate a parameter name in TokenizeSql.  This can be
problematic if old syntax=yes since that would allow @ to start a parameter name.

StoredProcedure.cs - Check parameters from stored procedures for leading and trailing
quote marks (`, ", or ') and, if present, trim one from start and the end

TestSuite/StoredProcedure.cs - Added test case.

Modified: branches/1.0/CHANGES
===================================================================
--- branches/1.0/CHANGES	2005-10-13 20:47:54 UTC (rev 192)
+++ branches/1.0/CHANGES	2005-10-13 21:16:56 UTC (rev 193)
@@ -7,7 +7,8 @@
 	Bug #13662 Prepare() truncates accented character input [already fixed, added test]
 	Bug #11947 MySQLCommandBuilder mishandling CONCAT() aliased column [updated test case]
 	Bug #13541 Prepare breaks if a parameter is used more than once [fixed]
-	Bug #13632 the MySQLCommandBuilder.deriveparameters has not been updated for MySQL 5	
+	Bug #13632 the MySQLCommandBuilder.deriveparameters has not been updated for MySQL 5
+	Bug #13753 Exception calling stored procedure with special characters in parameters
 	
 	Other changes
 	-------------------------    

Modified: branches/1.0/TestSuite/StoredProcedure.cs
===================================================================
--- branches/1.0/TestSuite/StoredProcedure.cs	2005-10-13 20:47:54 UTC (rev 192)
+++ branches/1.0/TestSuite/StoredProcedure.cs	2005-10-13 21:16:56 UTC (rev 193)
@@ -549,5 +549,33 @@
 			}
 		}
 
+		/// <summary>
+		/// Bug #13753  	Exception calling stored procedure with special characters in
parameters
+		/// </summary>
+		[Test]
+		public void SpecialCharacters()
+		{
+			execSQL("SET sql_mode=ANSI_QUOTES");
+			try 
+			{
+				execSQL("CREATE PROCEDURE spTest(\"@Param1\" text) BEGIN SELECT \"@Param1\"; END");
+
+				MySqlCommand cmd = new MySqlCommand("spTest", conn);
+				cmd.Parameters.Add("@Param1", "This is my value");
+				cmd.CommandType = CommandType.StoredProcedure;
+
+				string val = (string)cmd.ExecuteScalar();
+				Assert.AreEqual("This is my value", val);
+			}
+			catch (Exception ex)
+			{
+				Assert.Fail(ex.Message);
+			}
+			finally 
+			{
+				execSQL("SET sql_mode=\"\"");
+			}
+		}
+
 	}
 }

Modified: branches/1.0/mysqlclient/StoredProcedure.cs
===================================================================
--- branches/1.0/mysqlclient/StoredProcedure.cs	2005-10-13 20:47:54 UTC (rev 192)
+++ branches/1.0/mysqlclient/StoredProcedure.cs	2005-10-13 21:16:56 UTC (rev 193)
@@ -116,6 +116,14 @@
 			return type;
 		}
 
+		private string CleanProcParameter(string parameter)
+		{
+			char c = parameter[0];
+			if (c == '`' || c == '\'' || c == '"')
+				return parameter.Substring(1, parameter.Length-2);
+			return parameter;
+		}
+
 		private string[] GetParameterParts(string parameterDef)
 		{
 			int pos = 0;
@@ -129,7 +137,7 @@
 			else
 				parts[0] = "in";
 
-			parts[1] = split[pos++];
+			parts[1] = CleanProcParameter(split[pos++]);
 			parts[2] = CleanType(split[pos++]);
 			return parts;
 		}
@@ -212,15 +220,16 @@
 							throw new MySqlException("Parameter '" + parts[1] + "' is not defined");
 
 						MySqlParameter p = cmd.Parameters[index];
-						//string pName = connection.ParameterMarker + p.ParameterName;
-						string vName = "@" + hash + CleanParameterName(p.ParameterName);
+						string cleanName = CleanParameterName(p.ParameterName);
+						string pName = connection.ParameterMarker + cleanName;
+						string vName = "@" + hash + cleanName;
 						if (p.Direction == ParameterDirection.Input)
 						{
-							sqlStr += p.ParameterName + ", ";
+							sqlStr += pName + ", ";
 							continue;
 						}
 						else if (p.Direction == ParameterDirection.InputOutput)
-							setStr += "set " + vName + "=" + p.ParameterName + ";";
+							setStr += "set " + vName + "=" + pName + ";";
 						sqlStr += vName + ", ";
 						outSelect += vName + ", ";
 					}

Modified: branches/1.0/mysqlclient/command.cs
===================================================================
--- branches/1.0/mysqlclient/command.cs	2005-10-13 20:47:54 UTC (rev 192)
+++ branches/1.0/mysqlclient/command.cs	2005-10-13 21:16:56 UTC (rev 193)
@@ -607,7 +607,8 @@
 					sqlPart.Remove( 0, sqlPart.Length ); 
 				}
 				else if (sqlPart.Length > 0 && sqlPart[0] == parameters.ParameterMarker
&& 
-					! Char.IsLetterOrDigit(c) && c != '_' && c != '.' && c !=
'$')
+					! Char.IsLetterOrDigit(c) && c != '_' && c != '.' && c !=
'$' 
+					&& c != '@')
 				{
 					tokens.Add( sqlPart.ToString() );
 					sqlPart.Remove( 0, sqlPart.Length );
Thread
Connector/NET commit: r193 - in branches/1.0: . TestSuite mysqlclientrburnett13 Oct