Uploaded image for project: 'MariaDB Connector/J'
  1. MariaDB Connector/J
  2. CONJ-785

jdbc insert query throws SQLSyntaxErrorException (unknown escape sequence) with 2.6.0 j-connector

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • None
    • 2.6.1
    • JDBC compatibility
    • None
    • - mac OS 10.13.6 (openjdk version "11.0.6" 2020-01-14 LTS)
      - centOS 7 with java 11

    Description

      We recently upgraded to MariaDB Connector/J (version 2.6.0) from version 1.5.x and found that our insert statement is breaking with "SQLSyntaxErrorException: unknown escape sequence" exception. The same insert works fine if we use mysql client

      For example,

      CREATE TABLE TEST_SYNTAX_ERROR(
           id INTEGER unsigned NOT NULL AUTO_INCREMENT, 
           str_value MEDIUMTEXT CHARACTER SET utf8mb4 NOT NULL, 
           json_value  MEDIUMTEXT CHARACTER SET utf8mb4 NOT NULL
          PRIMARY KEY ( id )
      )
      

      and if try to insert a string for "str_value" with trailing '\' character followed by some json string for "json_value", we see the following exception.

      INSERT INTO TEST_SYNTAX_ERROR(str_value, json_value) VALUES ('abc\\', '{"data": "test"}')
       
       
      Exception in thread "main" java.sql.SQLSyntaxErrorException: (conn=519) unknown escape sequence {"data": "test"}
      	at org.mariadb.jdbc.internal.util.exceptions.ExceptionFactory.createException(ExceptionFactory.java:62)
      	at org.mariadb.jdbc.internal.util.exceptions.ExceptionFactory.create(ExceptionFactory.java:153)
      	at org.mariadb.jdbc.MariaDbStatement.executeExceptionEpilogue(MariaDbStatement.java:273)
      	at org.mariadb.jdbc.MariaDbStatement.executeInternal(MariaDbStatement.java:362)
      	at org.mariadb.jdbc.MariaDbStatement.executeQuery(MariaDbStatement.java:610)
      	at test.TestMariaDBSQLSyntaxException.testInsertString(TestMariaDBSQLSyntaxException.java:53)
      	at test.TestMariaDBSQLSyntaxException.main(TestMariaDBSQLSyntaxException.java:71)
      Caused by: java.sql.SQLException: unknown escape sequence {"data": "test"}
      	at org.mariadb.jdbc.internal.util.Utils.resolveEscapes(Utils.java:465)
      	at org.mariadb.jdbc.internal.util.Utils.nativeSql(Utils.java:560)
      	at org.mariadb.jdbc.MariaDbStatement.executeInternal(MariaDbStatement.java:357)
      	... 3 more
      

      The main problem is with trailing '\' character in the first string and if the insert command got some column which can hold json string. If we remove the trailing '\' characters in the first string, the query passes.

      Please find here attached the test case with the above issue. Our project is blocked by issue.

      Attachments

        Issue Links

          Activity

            ttock T Tock added a comment - - edited

            The fix for the bug is this (or something like it) in Utils.nativeSql():

                  if (lastChar == '\\' && !protocol.noBackslashEscapes()) {
                    sqlBuffer.append(car);
                    lastChar = (car == '\\') ? '.' : car;
                    continue;
                  }
            

            Explanation: if we hit an escaped backslash character, we do not want it to still act like an escaping character for the next character visited. So that's why the code above sets 'lastChar' to '.' after we see two backslash characters in a row (the '.' character could be something different, so long as it's not something that has special meaning to the rest of the function).

            Note: the nativeSql() call adds a noticeable slowdown in the driver performance when processing large queries (as compared to previous versions of the driver). All it takes is a single '{' anywhere in the query to force the expensive character-by-character analysis and copy of the query. When inserting variable numbers of rows we have found the best performance is achieved by constructing our own escaped queries. Occasionally our queries are >1MB in size, which is slow to process in nativeSql(). These queries are noticeably slower to execute because of the client-side / driver overhead when we upgraded to the latest version.

            It would be great for performance-sensitive folks to have an option that disables the functionality provided by nativeSql(), allowing that expensive function to be bypassed. Please let me know if this suggestion should be filed as a separate ticket.

            ttock T Tock added a comment - - edited The fix for the bug is this (or something like it) in Utils.nativeSql(): if (lastChar == '\\' && !protocol.noBackslashEscapes()) { sqlBuffer.append(car); lastChar = (car == '\\') ? '.' : car; continue; } Explanation: if we hit an escaped backslash character, we do not want it to still act like an escaping character for the next character visited. So that's why the code above sets 'lastChar' to '.' after we see two backslash characters in a row (the '.' character could be something different, so long as it's not something that has special meaning to the rest of the function). Note: the nativeSql() call adds a noticeable slowdown in the driver performance when processing large queries (as compared to previous versions of the driver). All it takes is a single '{' anywhere in the query to force the expensive character-by-character analysis and copy of the query. When inserting variable numbers of rows we have found the best performance is achieved by constructing our own escaped queries. Occasionally our queries are >1MB in size, which is slow to process in nativeSql(). These queries are noticeably slower to execute because of the client-side / driver overhead when we upgraded to the latest version. It would be great for performance-sensitive folks to have an option that disables the functionality provided by nativeSql(), allowing that expensive function to be bypassed. Please let me know if this suggestion should be filed as a separate ticket.
            ttock T Tock added a comment -

            Thank you for the fix, as well as for providing a way to avoid escaping all together. Where can I see the changes that you've made? I looked here:
            https://github.com/mariadb-corporation/mariadb-connector-j/
            but is that the right repo to be looking in?

            Thanks!

            ttock T Tock added a comment - Thank you for the fix, as well as for providing a way to avoid escaping all together. Where can I see the changes that you've made? I looked here: https://github.com/mariadb-corporation/mariadb-connector-j/ but is that the right repo to be looking in? Thanks!

            People

              diego dupin Diego Dupin
              zcabir Cabir Zounaidou
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.