Node-oracledb 6.1.0 thin mode
Oracle DB 19 on Amazon RDS
Is it an error or a hang or a crash?
Crash
What error(s) or behavior you are seeing?
When I have an apostrophe in a comment followed by code with a bind variable node-oracledb doesn't recognize the bind variable and gives me the error NJS-097: no bind placeholder.
I've traced this error to this line, which happens to look almost exactly like some code I wrote (and just fixed) to find bind variables in a SQL statement. The fix I decided on for my code was to edit the regex to disallow multi-line strings since that fixed my specific problem and I don't believe multi-line strings are valid SQL (though if they are you'd have to come up with a different solution. It may also work to strip comments before strings but that opens up other issues.
Include a runnable Node.js script that shows the problem.
Here's the specific problem I ran into:
const SQL = `
-- Apostrophes don't work
select * from example where age = :example and name = 'example';
`;
conn.execute(SQL, {example: ''});
In that case it strips the "string" from the apostrophe in don't to the first single quote of 'example', so it can't find the bind parameter :example.
Simply reordering the filters doesn't work because it could think you could have comments in strings (i.e. and flag = '--flag'). There may also be some existing issues in the interaction between single-line and multi-line comments. It may not be possible to do all the stripping you need to do properly with regexes.
Node-oracledb 6.1.0 thin mode Oracle DB 19 on Amazon RDS
Crash
When I have an apostrophe in a comment followed by code with a bind variable node-oracledb doesn't recognize the bind variable and gives me the error
NJS-097: no bind placeholder
.I've traced this error to this line, which happens to look almost exactly like some code I wrote (and just fixed) to find bind variables in a SQL statement. The fix I decided on for my code was to edit the regex to disallow multi-line strings since that fixed my specific problem and I don't believe multi-line strings are valid SQL (though if they are you'd have to come up with a different solution. It may also work to strip comments before strings but that opens up other issues.
Here's the specific problem I ran into:
In that case it strips the "string" from the apostrophe in
don't
to the first single quote of'example'
, so it can't find the bind parameter:example
.Simply reordering the filters doesn't work because it could think you could have comments in strings (i.e.
and flag = '--flag'
). There may also be some existing issues in the interaction between single-line and multi-line comments. It may not be possible to do all the stripping you need to do properly with regexes.