net.sf.hibernate.type.StringType contains wrong SQL generation

Description

objectToSQLString does not fulfill the contract on org.hibernate.type.LiteralType.objectToSQLString for strings that contain single quotes.

I know that Oracle requires that quotes be doubled (and I believe that it follows the SQL standard in doing so), so

'\'' + (String) value + '\''

should be replaced with

'\'' + ((String) value).replace ("'", "''") + '\''

The issue was already considered in HB-192, but the discussion there was limited to security concerns and missed the contractual problem.

(I noticed the problem while searching for a way to do the reverse of objectToSQLString, namely parse an SQL constant expression into a LiteralType value. That's why I don't know how to construct a test case, sorry.)

Environment

(Actually Hibernate 3.5.4)

Activity

Show:

Brett Meyer

April 7, 2014, 5:42 PM

Copy link to comment

In an effort to clean up, in bulk, tickets that are most likely out of date, we're transitioning all ORM 3 tickets to an "Awaiting Test Case" state. Please see http://in.relation.to/Bloggers/HibernateORMJIRAPoliciesAndCleanUpTactics for more information.

If this is still a legitimate bug in ORM 4, please provide either a test case that reproduces it or enough detail (entities, mappings, snippets, etc.) to show that it still fails on 4. If nothing is received within 3 months or so, we'll be automatically closing them.

Thank you!

Brett Meyer

July 8, 2014, 3:10 PM

Copy link to comment

Bulk rejecting stale issues. If this is still a legitimate issue on ORM 4, feel free to comment and attach a test case. I'll address responses case-by-case. Thanks!

Rejected

Assignee

Unassigned

Reporter

Joachim Durchholz

Fix versions

None

Labels

None

backPortable

None

Suitable for new contributors

None

Requires Release Note

None

Pull Request

None

backportDecision

None

Components

hibernate-core

Affects versions

3.5.5

Priority

Critical

Configure