Comments on: Simple gotchas with debugging Groovy SQL http://almaer.com/blog/simple-gotchas-with-debugging-groovy-sql blogging about life, the universe, and everything tech Sat, 08 Sep 2012 07:06:53 -0700 http://wordpress.org/?v=2.8.4 hourly 1 By: James Strachan http://almaer.com/blog/simple-gotchas-with-debugging-groovy-sql/comment-page-1#comment-4462 James Strachan Wed, 14 Jul 2004 22:22:26 +0000 http://almaer.com/blog2/simple-gotchas-with-debugging-groovy-sql#comment-4462 Dion, your wish is my command (again :). CVS HEAD now warns if you accidentally quote a dynamic expression. Strictly speaking, GroovySQL could be clever enough to trim off the unnecessary quotes for you automatically and still reuse the prepared statement - but for now the query still works (maybe there's a need for this as it enforces string coercion?) - but gives a nice warning to let you know there's a possible security leak. Dion, your wish is my command (again :).

CVS HEAD now warns if you accidentally quote a dynamic expression.

Strictly speaking, GroovySQL could be clever enough to trim off the unnecessary quotes for you automatically and still reuse the prepared statement – but for now the query still works (maybe there’s a need for this as it enforces string coercion?) – but gives a nice warning to let you know there’s a possible security leak.

]]> By: Dion http://almaer.com/blog/simple-gotchas-with-debugging-groovy-sql/comment-page-1#comment-4461 Dion Wed, 14 Jul 2004 19:51:10 +0000 http://almaer.com/blog2/simple-gotchas-with-debugging-groovy-sql#comment-4461 That would be like butter :) D That would be like butter :)

D

]]> By: James Strachan http://almaer.com/blog/simple-gotchas-with-debugging-groovy-sql/comment-page-1#comment-4460 James Strachan Wed, 14 Jul 2004 19:46:23 +0000 http://almaer.com/blog2/simple-gotchas-with-debugging-groovy-sql#comment-4460 Maybe we could turn on warnings in Groovy SQL so that if you use a $expression inside some SQL it warns you if there are single or double quotes around the expression. e..g sql.eachRow "select * from blah where x = '$foo'" would generate a warning but this wouldn't sql.eachRow "select * from blah where x = $foo" Maybe we could turn on warnings in Groovy SQL so that if you use a $expression inside some SQL it warns you if there are single or double quotes around the expression.

e..g

sql.eachRow “select * from blah where x = ‘$foo’”

would generate a warning but this wouldn’t

sql.eachRow “select * from blah where x = $foo”

]]>