  1. Teiid
  2. TEIID-6042

Escaping does not work in PreparedStatements executed in Salesforce connector

    Description

      Project with a Teiid Spring Boot application.
      We have a simple prepared statement, as in this pseudocode:

      NamedParameterJdbcTemplate sftemplate;
      MapSqlParameterSource params;
      rowset = sftemplate.queryForRowSet(sql, params);
      

      But in BaseSalesforceConnection.class we have SOQL with wrong escaping,
      where the parameter name is email and the value is

       
      test'name@test.com
      

      And the actual source SQL in the prepared statement:

      SELECT l.Id AS Lead_id FROM Lead AS l WHERE l.Email IN (?)
      

      The SOQL is:

      SELECT Id FROM Lead WHERE Email = 'test''name@test.com'
      

      But in the Salesforce documentation we have another method for escaping (for more than one symbol and for LIKE):

      https://developer.salesforce.com/docs/atlas.en-us.soql_sosl.meta/soql_sosl/sforce_api_calls_soql_select_quotedstringescapes.htm

      \' 	One single-quote character
      

      If we try to use a pre-escaped value:

      SELECT Id FROM Lead WHERE Email = 'test\''name@test.com'
      

      See: SQLStringVisitor::escapeString

          People

            rhn-engineering-shawkins Steven Hawkins
            3draven Renat Eskenin (Inactive)
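
The difference the report describes, as an added example (not Teiid's code and not part of the original report): a hypothetical `SoqlLiteral` helper that renders a bind value as a SOQL string literal with backslash escapes, next to the quote-doubling form shown in the description. The class and method names are assumptions; the escape sequences follow the Salesforce quoted-string reference linked in the report.

```java
// Added example: hypothetical helper, not Teiid's SQLStringVisitor.
public final class SoqlLiteral {

    // SQL-style quoting: doubles the single quote, as in the SOQL the report shows.
    static String sqlStyle(String value) {
        return "'" + value.replace("'", "''") + "'";
    }

    // SOQL-style quoting: backslash escapes. Set forLike when the literal is a
    // LIKE operand whose '_' and '%' must match literally.
    static String soqlStyle(String value, boolean forLike) {
        StringBuilder sb = new StringBuilder("'");
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': sb.append("\\\\"); break; // escape the escape character itself
                case '\'': sb.append("\\'"); break;
                case '"':  sb.append("\\\""); break;
                case '\n': sb.append("\\n"); break;
                case '\r': sb.append("\\r"); break;
                case '\t': sb.append("\\t"); break;
                case '\b': sb.append("\\b"); break;
                case '\f': sb.append("\\f"); break;
                case '_':
                case '%':
                    if (forLike) sb.append('\\');
                    sb.append(c);
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.append('\'').toString();
    }

    public static void main(String[] args) {
        String email = "test'name@test.com"; // value from the report
        System.out.println("SELECT Id FROM Lead WHERE Email = " + sqlStyle(email));
        System.out.println("SELECT Id FROM Lead WHERE Email = " + soqlStyle(email, false));
        // Constructed values: a trailing backslash and LIKE wildcards.
        System.out.println("SELECT Id FROM Lead WHERE Email = " + soqlStyle("name\\", false));
        System.out.println("SELECT Id FROM Lead WHERE Email LIKE " + soqlStyle("50%_off", true));
    }
}
```

The backslash case matters as much as the quote: if it were left unescaped, a value ending in a backslash would escape the literal's closing quote.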