shouhengyi opened a new issue #7324: URL: https://github.com/apache/pinot/issues/7324
In [PreparedStatement.java](https://github.com/apache/pinot/blob/master/pinot-clients/pinot-java-client/src/main/java/org/apache/pinot/client/PreparedStatement.java), if the `value` argument in the `setString` method contains a dollar sign "$", it will cause an `IndexOutOfBoundsException` when `fillStatementWithParameters` is invoked. For example, if `value` is `"$8.00"`, we will get exceptions like this.

```
java.lang.IndexOutOfBoundsException: No group 8
    at java.util.regex.Matcher.start(Matcher.java:375)
    at java.util.regex.Matcher.appendReplacement(Matcher.java:880)
    at java.util.regex.Matcher.replaceFirst(Matcher.java:1004)
    at java.lang.String.replaceFirst(String.java:2178)
    at org.apache.pinot.client.PreparedStatement.fillStatementWithParameters(PreparedStatement.java:61)
    ...
```

This is because the dollar sign $ is not properly escaped. To fix this issue, our proposal is to escape the dollar sign in the `value`:

```
public void setString(int parameterIndex, String value) {
  // Escape "$" as "\$" so String.replaceFirst does not read it as a group reference
  _parameters[parameterIndex] = "'" + value.replace("'", "''").replace("$", "\\$") + "'";
}
```
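The failure reported above and a literal-replacement variant, as an added example that is not code from the Pinot client. The class, the method names and the `\\?` placeholder regex are assumptions made for illustration; `Matcher.quoteReplacement` is the standard JDK call that escapes both `$` and `\` in a replacement string.

```java
import java.util.regex.Matcher;

public class DollarInParameterDemo {
    // Hypothetical stand-in for the client's placeholder filling: each "?" is
    // substituted in turn with String.replaceFirst, as the stack trace indicates.
    static String fillNaive(String statement, String... params) {
        String result = statement;
        for (String p : params) {
            // p is parsed as a replacement pattern: "$8" means "capture group 8"
            result = result.replaceFirst("\\?", p);
        }
        return result;
    }

    // Same loop, but every parameter is inserted as a literal string.
    static String fillLiteral(String statement, String... params) {
        String result = statement;
        for (String p : params) {
            result = result.replaceFirst("\\?", Matcher.quoteReplacement(p));
        }
        return result;
    }

    // Quoting as in setString: wrap in single quotes, double embedded quotes.
    static String quote(String value) {
        return "'" + value.replace("'", "''") + "'";
    }

    public static void main(String[] args) {
        // Constructed sample statement and values (no "?" inside the values).
        String sql = "SELECT * FROM orders WHERE price = ? AND note = ?";
        String[] values = { quote("$8.00"), quote("C:\\tmp\\$HOME it's") };

        try {
            fillNaive(sql, values);
            System.out.println("naive fill succeeded (unexpected)");
        } catch (IndexOutOfBoundsException e) {
            // Same exception type as in the report above
            System.out.println("naive fill failed: " + e.getMessage());
        }

        // Dollar signs and backslashes survive unchanged in the filled statement.
        System.out.println(fillLiteral(sql, values));
    }
}
```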