net.sf.hibernate.type.StringType contains wrong SQL generation

Description

objectToSQLString does not fulfill the contract on org.hibernate.type.LiteralType.objectToSQLString for strings that contain single quotes.

I know that Oracle requires that quotes be doubled (and I believe that it follows the SQL standard in doing so), so

'\'' + (String) value + '\''

should be replaced with

'\'' + ((String) value).replace ("'", "''") + '\''

The issue was already considered in HB-192, but the discussion there was limited to security concerns and missed the contractual problem.

(I noticed the problem while searching for a way to do the reverse of objectToSQLString, namely parse an SQL constant expression into a LiteralType value. That's why I don't know how to construct a test case, sorry.)

Environment

(Actually Hibernate 3.5.4)

Activity

Show:
Brett Meyer
April 7, 2014, 5:42 PM

In an effort to clean up, in bulk, tickets that are most likely out of date, we're transitioning all ORM 3 tickets to an "Awaiting Test Case" state. Please see http://in.relation.to/Bloggers/HibernateORMJIRAPoliciesAndCleanUpTactics for more information.

If this is still a legitimate bug in ORM 4, please provide either a test case that reproduces it or enough detail (entities, mappings, snippets, etc.) to show that it still fails on 4. If nothing is received within 3 months or so, we'll be automatically closing them.

Thank you!

Brett Meyer
July 8, 2014, 3:10 PM

Bulk rejecting stale issues. If this is still a legitimate issue on ORM 4, feel free to comment and attach a test case. I'll address responses case-by-case. Thanks!

Rejected

Assignee

Unassigned

Reporter

Joachim Durchholz

Fix versions

None

Labels

None

backPortable

None

Suitable for new contributors

None

Requires Release Note

None

Pull Request

None

backportDecision

None

Components

Affects versions

Priority

Critical
Configure