juddi-dev mailing list archives

From "SourceForge.net" <nore...@sourceforge.net>
Subject [juddi-Developers] [ juddi-Bugs-784297 ] dynamic sql escape special character bug
Date Wed, 06 Aug 2003 11:13:01 GMT
Bugs item #784297, was opened at 2003-08-06 17:35
Message generated for change (Settings changed) made by sviens
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=434422&aid=784297&group_id=42875

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Jin Tong (nij_gnot)
>Assigned to: Steve Viens (sviens)
Summary: dynamic sql escape special character bug

Initial Comment:
In find_XXXXX methods, the SQL statements are built dynamically
by appending to an existing buffer with new arguments.
SQL control characters are not properly escaped. For
example, if one string argument contains "'", the
resulting SQL that is sent to the database will be
ill-formed and a resulting SQLException will usually be
thrown. This happens at least with MySQL and Oracle
databases (and their default JDBC drivers).


----------------------------------------------------------------------
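
Added example, not part of the original report and not jUDDI's own code: the dynamic query-building pattern the report describes, next to a variant that appends only `?` markers and binds the values through a JDBC `PreparedStatement`. The class, method, table and column names (`FindQueryExample`, `EXAMPLE_ENTITY`, `ENTITY_KEY`, `NAME`) are hypothetical, and the sample input is constructed.

```java
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class FindQueryExample {
    // Hypothetical table and column names; the report does not show the schema.
    static final String SELECT = "SELECT ENTITY_KEY FROM EXAMPLE_ENTITY";

    // The reported pattern: each argument is appended to the buffer as SQL text.
    static String buildConcatenated(List<String> names) {
        StringBuilder sql = new StringBuilder(SELECT);
        for (int i = 0; i < names.size(); i++) {
            sql.append(i == 0 ? " WHERE " : " OR ");
            sql.append("NAME LIKE '").append(names.get(i)).append("'");
        }
        return sql.toString();
    }

    // Same dynamic shape, but only '?' markers reach the SQL text; values go to params.
    static String buildParameterized(List<String> names, List<String> params) {
        StringBuilder sql = new StringBuilder(SELECT);
        for (int i = 0; i < names.size(); i++) {
            sql.append(i == 0 ? " WHERE " : " OR ");
            sql.append("NAME LIKE ?");
            params.add(names.get(i));
        }
        return sql.toString();
    }

    // Binds the collected values in order, so no quote in a value is parsed as SQL.
    static void bind(PreparedStatement ps, List<String> params) throws SQLException {
        for (int i = 0; i < params.size(); i++) {
            ps.setString(i + 1, params.get(i)); // JDBC parameter indexes start at 1
        }
    }

    public static void main(String[] args) {
        List<String> names = List.of("O'Brien Freight%", "Acme%"); // constructed input
        System.out.println(buildConcatenated(names)); // quote in the value unbalances the literal
        List<String> params = new ArrayList<>();
        System.out.println(buildParameterized(names, params)); // statement text has no values
        System.out.println("bound values: " + params);
        // With a live connection: ps = conn.prepareStatement(sql); bind(ps, params);
    }
}
```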
