  1. Teiid
  2. TEIID-6042

Escaping does not work in PreparedStatements executed in Salesforce connector

      Description

      Project with a Teiid Spring Boot application.
      We have a simple prepared statement, as in this pseudocode:

      NamedParameterJdbcTemplate sftemplate;
      MapSqlParameterSource params;
      rowset = sftemplate.queryForRowSet(sql, params);
      

      But in BaseSalesforceConnection.class we have SOQL with wrong escaping,
      where the parameter name is email and the value is

       
      test'name@test.com
      

      And the actual source SQL in the prepared statement:

      SELECT l.Id                  AS Lead_id  FROM Lead AS l WHERE l.Email  IN (?) 
      

      SOQL is:

      SELECT Id FROM Lead WHERE Email = 'test''name@test.com'
      

      But in the Salesforce documentation we have another method for escaping (for more than one symbol and for LIKE):

      https://developer.salesforce.com/docs/atlas.en-us.soql_sosl.meta/soql_sosl/sforce_api_calls_soql_select_quotedstringescapes.htm

      \' 	One single-quote character
      

      If we try to use a pre-escaped value:

      SELECT Id FROM Lead WHERE Email = 'test\''name@test.com'
      

      See: SQLStringVisitor::escapeString
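
The difference the report describes, as an added Java example (not Teiid's code and not part of the original report): SQL-style quote doubling next to the backslash escaping listed in the Salesforce documentation linked above. The class and method names are hypothetical, and the sequences handled assume that documentation page.

```java
// Added illustration; SoqlLiteral and its methods are hypothetical names, not Teiid code.
public final class SoqlLiteral {

    // Escape a value for use inside a single-quoted SOQL string literal,
    // using backslash sequences as listed in the Salesforce documentation.
    static String escape(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': out.append("\\\\"); break; // a literal backslash becomes \\
                case '\'': out.append("\\'");  break; // a single quote becomes \'
                case '\n': out.append("\\n");  break;
                case '\r': out.append("\\r");  break;
                case '\t': out.append("\\t");  break;
                case '\f': out.append("\\f");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // For a LIKE operand that must match literally: escape the value first,
    // then the LIKE wildcards _ and % (the "for LIKE" case in the report).
    static String escapeLikeOperand(String value) {
        return escape(value).replace("_", "\\_").replace("%", "\\%");
    }

    // SQL-style doubling, for contrast: this is the form the report observed.
    static String sqlStyle(String value) {
        return value.replace("'", "''");
    }

    public static void main(String[] args) {
        String email = "test'name@test.com"; // value from the report
        // Form seen in the connector's SOQL (doubled quote):
        System.out.println("SELECT Id FROM Lead WHERE Email = '" + sqlStyle(email) + "'");
        // Form using the documented backslash escape:
        System.out.println("SELECT Id FROM Lead WHERE Email = '" + escape(email) + "'");
        // Constructed LIKE sample containing a quote and both wildcards:
        System.out.println("SELECT Id FROM Lead WHERE Name LIKE '"
                + escapeLikeOperand("50%_off'x") + "'");
    }
}
```

Escaping the backslash itself is what makes a pre-escaped input such as `test\'name@test.com` come out as data rather than as a second layer of escaping.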

              People

              • Assignee:
                shawkins Steven Hawkins
                Reporter:
                i3draven Renat Eskenin