Bug#311040: libdbd-mysql-perl: parser gets confused by comments

Niko Tyni Sun, 30 Sep 2007 13:20:51 -0700

tag 311040 patch
thanks

On Fri, May 27, 2005 at 07:24:25PM -0400, Frederic Briere wrote:
> Package: libdbd-mysql-perl
> Version: 2.9006-1
> Severity: normal
> 
> Comments seem to give the MySQL parser a hard time, but here's one that
> manages to confuse DBD::MySQL itself:
> 
>   -- 'Tis the quote that confuses DBI::MySQL
>   SELECT ?


Hi,

here's a failing testcase and a proposed patch for this issue.
I just sent them upstream too; see http://bugs.mysql.com/27625 .
Let's wait a while to see what they think.

Cheers,
-- 
Niko Tyni   [EMAIL PROTECTED]

>From 1355a8adfdc7cd8df24908a2e8cfb2ca4efb216c Mon Sep 17 00:00:00 2001
From: Niko Tyni <[EMAIL PROTECTED]>
Date: Sun, 30 Sep 2007 22:59:23 +0300
Subject: [PATCH] Add a failing testcase for http://bugs.debian.org/311040

---
 t/comments.t |   45 +++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 45 insertions(+), 0 deletions(-)
 create mode 100755 t/comments.t

diff --git a/t/comments.t b/t/comments.t
new file mode 100755
index 0000000..50c5ba4
--- /dev/null
+++ b/t/comments.t
@@ -0,0 +1,45 @@
+# -*- cperl -*-
+# Test special characters inside comments
+# http://bugs.debian.org/311040
+# http://bugs.mysql.com/27625
+
+use strict;
+use DBI ();
+
+use vars qw($test_dsn $test_user $test_password $state);
+require "t/lib.pl";
+
+while (Testing()) {
+  my ($dbh, $sth);
+  #
+  # Connect to the database
+  Test($state or
+       ($dbh = DBI->connect($test_dsn, $test_user, $test_password,
+                           {RaiseError => 0})));
+
+  my $q;
+
+  #
+  # Placeholder inside a comment
+  #
+  $q = " -- Does the question mark at the end confuse DBI::MySQL?\nselect ?";
+
+  Test($state or ($sth = $dbh->prepare($q)));
+  Test($state or ($sth->execute(42)));
+  Test($state or ($sth->{ParamValues}));
+  Test($state or ($sth->finish));
+
+  #
+  # Quote inside a comment
+  #
+  $q = " -- 'Tis the quote that confuses DBI::MySQL\nSELECT ?";
+
+  Test($state or ($sth = $dbh->prepare($q)));
+  Test($state or ($sth->execute(42)));
+  Test($state or ($sth->{ParamValues}));
+  Test($state or ($sth->finish));
+
+  #
+  # Close the database connection
+  Test($state or ($dbh->disconnect() or 1));
+}
-- 
1.5.3.2

>From afaa4b441c583a35a0710d783f8575278bbb4d7f Mon Sep 17 00:00:00 2001
From: Niko Tyni <[EMAIL PROTECTED]>
Date: Sun, 30 Sep 2007 23:07:12 +0300
Subject: [PATCH] Skip comments when parsing the SQL syntax

---
 dbdimp.c |   19 +++++++++++++++++++
 1 files changed, 19 insertions(+), 0 deletions(-)

diff --git a/dbdimp.c b/dbdimp.c
index 4039d76..9531938 100755
--- a/dbdimp.c
+++ b/dbdimp.c
@@ -92,6 +92,15 @@ count_params(char *statement)
       ++num_params;
       break;
 
+    case '-':
+      /* Skip comment */
+      if (*ptr == '-') {
+        while (*ptr != '\n') {
+            ++ptr;
+        }
+      }
+      break;
+
     default:
       break;
     }
@@ -517,6 +526,16 @@ static char *parse_params(
       }
       break;
 
+      case '-':
+      /* Skip comment */
+      {
+        if (*(++statement_ptr) == '-') {
+                while (*(statement_ptr) != '\n')
+                        ++statement_ptr;
+        }
+      }
+      break;
+
       case '?':
         /* Insert parameter */
         statement_ptr++;
-- 
1.5.3.2

Bug#311040: libdbd-mysql-perl: parser gets confused by comments

Reply via email to