ParameterParser.parse(...) has a parsing bug involving "call" substring

Description

The following line of code does not account for the possibility that a column name in the sqlString can contain the substring "call". As a result hasMainOutputParameter will get set to the wrong value.

ParameterParser.java
public static void parse(String sqlString, Recognizer recognizer) throws QueryException {
    boolean hasMainOutputParameter = sqlString.indexOf( "call" ) > 0 &&
                                     sqlString.indexOf( "?" ) < sqlString.indexOf( "call" ) &&
                                     sqlString.indexOf( "=" ) < sqlString.indexOf( "call" );

For example:

create table test (id varchar(255), call_center varchar(255));

String sql = "insert test set id=?, call_center=?;";
SQLQuery query = session.createSQLQuery(sql);
query.setParameter(0, "blab");
query.setParameter(1, "california");

At this point, the second setParameter call will exception out. This is because createSQLQuery() calls ParameterParser, which wrongly parses any sql that contains "call" as a substring. Actually, if you think about the following, the edge case that is not being handled is pretty obvious.

boolean hasMainOutputParameter = sqlString.indexOf( "call" ) > 0 &&
                                 sqlString.indexOf( "?" ) < sqlString.indexOf( "call" ) &&
                                 sqlString.indexOf( "=" ) < sqlString.indexOf( "call" );

I am using 3.3.1 but I suspect this is affecting all current releases.
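To make the edge case concrete, here is an added example (not Hibernate's code) that ports the quoted substring check to Python and runs it beside an assumed corrected check that only recognises "call" as a whole word preceded by a "? =" return-parameter form; the SQL strings are constructed inputs, including the report's own insert statement.

```python
import re

# Constructed inputs: the report's statement plus a few callable-statement shapes.
INSERT_WITH_CALL_COLUMN = "insert test set id=?, call_center=?;"   # column name contains "call"
CALLABLE_WITH_OUTPUT = "{ ? = call some_proc(?) }"                  # JDBC escape syntax, return parameter
CALLABLE_NO_OUTPUT = "{ call some_proc(?) }"                        # JDBC escape syntax, no return parameter
PLAIN_INSERT = "insert test set id=?, name=?;"                      # no "call" anywhere


def has_main_output_parameter_buggy(sql: str) -> bool:
    """Direct port of the check quoted in the report: a plain substring search for 'call'.
    str.find() returns -1 when absent, matching Java's indexOf()."""
    call = sql.find("call")
    return call > 0 and sql.find("?") < call and sql.find("=") < call


# Assumed correction (not Hibernate's own fix): "call" must stand as its own word.
# Unlike the original, it is case-insensitive, so "CALL" is also recognised.
CALL_TOKEN = re.compile(r"\bcall\b", re.IGNORECASE)
RETURN_PARAM_PREFIX = re.compile(r"\s*\{?\s*\?\s*=\s*")


def has_main_output_parameter_fixed(sql: str) -> bool:
    """True only when a whole-word 'call' is preceded by nothing but an optional '{' and '? ='.
    A column such as call_center never matches because '_' is a word character."""
    m = CALL_TOKEN.search(sql)
    if m is None:
        return False
    return RETURN_PARAM_PREFIX.fullmatch(sql[:m.start()]) is not None


if __name__ == "__main__":
    for sql in (INSERT_WITH_CALL_COLUMN, CALLABLE_WITH_OUTPUT, CALLABLE_NO_OUTPUT, PLAIN_INSERT):
        print(f"{sql!r:40} buggy={has_main_output_parameter_buggy(sql)} "
              f"fixed={has_main_output_parameter_fixed(sql)}")
```

The buggy check flags the report's insert statement as a callable with an output parameter, which is why the positional parameters are then miscounted; the word-boundary version rejects it while still accepting the "{ ? = call ... }" form.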

Environment

Windows and Linux.

Activity

Strong Liu
October 13, 2011, 6:38 PM

I believe this has been fixed, at least in 4.0

Fixed

Assignee

Strong Liu

Reporter

silly things

Priority

Major