fix: avoid placeholder detection in SQL comments #1573
Conversation
|
Hello! Thanks for the PR. Instead of spending CPU removing comments it would be nice if we could recommend users simply don't include comments on queries with bound parameters. This is a good fix but perhaps in a future version we can be more strict about this, maybe even show warnings in a debug mode. At a certain point we would need a full tokenizer to truly parse out the parameters while handling edge cases, much easier to just enforce a style for these programmatic queries. |
|
I wonder if any queries would be broken by merging this. It might be safer to tell users to remove comments like this one. I need to follow up in the original issue, but is there any valid case to have comments like this in the query? |
|
Hi, I also understand that you don't want to touch to the query not to introduce some risks, you also mentioned about adding comments, one possibility is that the user might have many SQL files and maybe comments are already added, It would be weird to say delete your comments when submitting queries in my opinion. I am very new to the project and I'm totally fine if we skip to merge this and get back to this later. |
Summary
This pull request fixes issue #1537, where parameter placeholders such as
?were incorrectly detected inside--single-line SQL comments. This led to false-positive errors like:when using
$1placeholders together with comments.What this patch does
stripLineCommentshelper inbind.gothat removes--comments before applying placeholder-detection regexes.?or$1inside comments are not interpreted as actual parameter placeholders.tests/issues/1537_test.goto verify the fix and prevent future regressions.Limitations
This patch only addresses
--style comments. It does not currently handle:/* ... */block comments'string literals'containing?or$1These could be addressed in future improvements if needed.
Fixes #1537
Checklist