objectToSQLString does not fulfill the contract on org.hibernate.type.LiteralType.objectToSQLString for strings that contain single quotes.
I know that Oracle requires that quotes be doubled (and I believe that it follows the SQL standard in doing so), so
'\'' + (String) value + '\''
should be replaced with
'\'' + ((String) value).replace ("'", "''") + '\''
The issue was already considered in HB-192, but the discussion there was limited to security concerns and missed the contractual problem.
(I noticed the problem while searching for a way to do the reverse of objectToSQLString, namely parse an SQL constant expression into a LiteralType value. That's why I don't know how to construct a test case, sorry.)
(Actually Hibernate 3.5.4)
In an effort to clean up, in bulk, tickets that are most likely out of date, we're transitioning all ORM 3 tickets to an "Awaiting Test Case" state. Please see http://in.relation.to/Bloggers/HibernateORMJIRAPoliciesAndCleanUpTactics for more information.
If this is still a legitimate bug in ORM 4, please provide either a test case that reproduces it or enough detail (entities, mappings, snippets, etc.) to show that it still fails on 4. If nothing is received within 3 months or so, we'll be automatically closing them.
Bulk rejecting stale issues. If this is still a legitimate issue on ORM 4, feel free to comment and attach a test case. I'll address responses case-by-case. Thanks!