groovy

Sql.withBatch is not escaping SQL variables

Details

  • Type: Bug Bug
  • Status: Open Open
  • Priority: Major Major
  • Resolution: Unresolved
  • Affects Version/s: 1.7.3
  • Fix Version/s: None
  • Component/s: SQL processing
  • Labels:
    None
  • Environment:
    Windows 7, Java 1.6.0_20
  • Number of attachments :
    0

Description

I wanted to replace a loop of sql.update calls like this:

sql.execute("update Foo set Baz = $

{baz}

where Bar = $

{bar}")

With

sql.withBatch(200, { stmt ->
stmt.addBatch("update Foo set Baz = ${bar}

where Bar = $

{bar}

")
})

But looks like Sql.withBatch is not escaping variables like Sql.execute and Sql.update do
and the script freaks out as soon as one of the bar variables contains a quote character.

Activity

No changes have yet been made on this issue.

People

  • Assignee:
    Unassigned
    Reporter:
    Behrang Saeedzadeh
Vote (2)
Watch (3)

Dates

  • Created:
    Updated: