Make `script.execute` robust against quotes
Closed this issue · 0 comments
redcatbear commented
Situation
Sometimes you want to try out how your SQL scripts behave if you feed them parameters that contain single or double quotes.
While double quotes seem to work fine, single quotes produce an error.
script.execute(parameters)
Produces
syntax error, unexpected IDENTIFIER_LIST_, expecting ',' or ')' [line 1, column 114]
This is caused by the fact that the prepared statement does not use placeholders, so the parameters are not properly quoted. That results in constructs like this:
EXECUTE SCRIPT "REMOVE_USER_FROM_GROUP_SCHEMA"."REMOVE_USER_FROM_GROUP" ('THE_USER', ARRAY('GROUP_A', 'CONTAINS'SINGLE_QUOTE', 'GROUP_C'))
Acceptance Criteria
- Script parameters are properly quoted.