search

google-code-export / dblinq2007

Automatically exported from code.google.com/p/dblinq2007
Other
0 stars 0 forks source link

Fixed builder sql bug. #209

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
In sqlite,when column name is key word,will has error in query.
eg.
error sql:
Select Id,Exists from tableName
right sql:
Select [Id],[Exists] from tableName

so must warp "[]" to column name is ok.

code file:
$\DbLinq\Vendor\Implementation\SqlProvider.cs

fixed code like this:

insertBuilder.AppendFormat(" ({0})", SqlStatement.Join(", ", "[" + 
inputColumns + "]"));
=>
insertBuilder.AppendFormat(" ([{0}])", SqlStatement.Join("], [", 
inputColumns));

insertIds.AppendFormat(" ({0})", SqlStatement.Join(", ", "[" + 
outputColumns + "]"));
=>
insertIds.AppendFormat(" ([{0}])", SqlStatement.Join("], [", 
outputColumns));

...

maybe has same problem in other module,please check it and fixed it,thanks 
very much! O(∩_∩)O

Original issue reported on code.google.com by linqingf...@gmail.com on 9 Mar 2010 at 3:08

GoogleCodeExporter commented 9 years ago 
Maybe fixed this bug, just need modified this code:

public string GetColumn(string column)
{
    return GetSafeNamePart(column);
}

change to :

public string GetColumn(string column)
{
    return "[" + GetSafeNamePart(column) + "]";
}

in code file:
$\DbLinq\Vendor\Implementation\SqlProvider.cs

Original comment by linqingf...@gmail.com on 9 Mar 2010 at 8:21

GoogleCodeExporter commented 9 years ago 
This isn't necessary.  SqlProvider.GetSafeNamePart(string) calls 
SqlProvider.MakeNameSafe(string) which calls 
QuotesHelper.Enquote() which wraps the identifier in 
SqlProvider.SafeNameStartQuote and 
SqlProvider.SafeNameEndQuote.

The question is, why isn't it being escaped?  The answer is in 
SqlProvider.GetSafeNamePart(): it uses 
SqlProvider.IsMadeSafe(), SqlProvider.IsNameSafe(), and 
SqlProvider.IsNameCaseSafe() to make this determination.

Id isn't a SQL keyword, and thus should be safe.  EXISTS, meanwhile, is a 
keyword for SQL Server.

There are thus two different solutions to this problem:

1. For your DB provider (e.g. src/DbLinq.SqlServer/SqlServerSqlProvider.cs), 
override SqlProvider.IsNameSafe() and 
add your additional keywords to the list.

2. Metaphorically, say "screw this" and just *always* quote the strings.  This 
is what you suggest in Comment #1, 
but your implementation is wrong; it should instead change 
SqlProvider.GetSafeNamePart(string) to ignore 
SqlProviderIsMadeSafe()/etc. and instead be:

    protected virtual string GetSafenamePart(string namePart)
    {
        return IsMadeSafe(namePart) ? namePart : MakeNameSafe(namePart);
    }

This will allow the DB to choose appropriate start/end quote characters (e.g. 
[] for SQL Server, '"' for other 
databases).

Original comment by jonmpr...@gmail.com on 11 Mar 2010 at 8:24

GoogleCodeExporter commented 9 years ago 
This issue was closed by revision r1313.

Original comment by jonmpr...@gmail.com on 12 Mar 2010 at 3:49

GoogleCodeExporter commented 9 years ago 
jonmpryor,thank you very much!O(∩_∩)O

Original comment by linqingf...@gmail.com on 12 Mar 2010 at 7:22

GoogleCodeExporter commented 9 years ago 
Closing.

Original comment by jonmpr...@gmail.com on 9 Apr 2010 at 7:55