search

r2dbc / r2dbc-mssql

R2DBC Driver for Microsoft SQL Server using TDS (Tabular Data Stream) Protocol
Apache License 2.0
183 stars 32 forks source link

Escaping @ character in the where clause #201

Closed jgiovaresco closed 3 years ago

jgiovaresco commented 3 years ago

Bug Report

Versions

Current Behavior

Running a query using DatabaseClient.sql() which contains an @ in the WHERE clause raises a No parameters bound error.

I tried to escape the character with []: SELECT * FROM users WHERE email = 'name[@]gmail.com' but the result is the same.

Stack trace ``` Caused by: java.lang.IllegalStateException: No parameters bound for query 'SELECT * from users WHERE email ='name@gmail.com'' ```

Table schema

Input Code ```sql create table users ( id nvarchar(255) not null constraint users_pk primary key, username nvarchar(255) not null, password nvarchar(255) not null, email nvarchar(255) not null ) ```

Steps to reproduce

Input Code ```java template .getDatabaseClient() .sql("SELECT * FROM users WHERE email = 'name@gmail.com'") .map(JdbcUser::fromRow) .all() ```

Expected behavior/code

I'm expecting to run a query containing an escaped @

Possible Solution

It seems related to how we detect if a query is parameterized or not: https://github.com/r2dbc/r2dbc-mssql/blob/5868d7354c8701bf4b17c63c9570062bacd9d0be/src/main/java/io/r2dbc/mssql/ParametrizedMssqlStatement.java#L318 Maybe we could check if the @ is escaped around there 🤔

Additional context

mp911de commented 3 years ago

Actually, the driver should not fail when a parameter isn't bound during execute() since we don't have a proper parser and the server-side reporting missing bindings should be fine. That's also what the JDBC driver does.

mp911de commented 3 years ago

Duplicate of #197.