Uploaded image for project: 'Teiid'
  1. Teiid
  2. TEIID-6042

Escaping not work in PreparedStatements executed in Salesforce connector

    XMLWordPrintable

Details

    Description

      Project with teiid spring boot application.
      We have simple prepared statement as in pseudocode:

      NamedParameterJdbcTemplate sftemplate;
      MapSqlParameterSource params;
      rowset = sftemplate.queryForRowSet(sql, params);
      

      But in BaseSalesforceConnection.class we have SOQL with wrong escaping.
      where parameter name email and value

       
      test'name@test.com
      

      And source actual SQL in prepared statement:

      SELECT l.Id                  AS Lead_id  FROM Lead AS l WHERE l.Email  IN (?) 
      

      SOQL is:

      SELECT Id FROM Lead WHERE Email = 'test''name@test.com'
      

      But in documentation of salesforce we have another method for escaping (for more than one symbol and for LIKE)

      https://developer.salesforce.com/docs/atlas.en-us.soql_sosl.meta/soql_sosl/sforce_api_calls_soql_select_quotedstringescapes.htm

      \' 	One single-quote character
      

      If we try to use preescaped value

      SELECT Id FROM Lead WHERE Email = 'test\''name@test.com'
      

      See: SQLStringVisitor::escapeString

      Attachments

        Activity

          People

            rhn-engineering-shawkins Steven Hawkins
            3draven Renat Eskenin (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: