Fix sql LIKE usage to properly escape special characters #6837

Merged
merged 8 commits into from
Jul 15, 2025

@XingY XingY commented Jul 10, 2025

Rationale

This has been an ongoing intermittent TC failure on SQL Server that fails to correctly increment withCounter sequences when the string contains special characters. Wildcard characters need to be escaped for LIKE operators in SQL.

Related Pull Requests

Changes

Tasks 📍

~~- [ ] Manual Testing ~~
Needs Automation (No, already exist)

  • code review
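The failure described in the Rationale, reproduced as an added example that is not code from this pull request or from LabKey: a counter lookup that finds existing names with `LIKE prefix%` picks up unrelated rows when the prefix contains `_` or `%`, and escaping the prefix with an `ESCAPE '!'` clause restores the correct maximum. The table, the sample names and the functions `escape_like_pattern`, `build_db` and `max_counter` are assumptions made for illustration, run against an in-memory SQLite database.

```python
import sqlite3

ESCAPE = "!"  # escape character named in the review thread

def escape_like_pattern(text, escape=ESCAPE):
    """Prefix the escape char itself and each LIKE pattern character.

    '%' and '_' are standard wildcards; '[' is also special on SQL Server.
    """
    return "".join(escape + ch if ch in (escape, "%", "_", "[") else ch
                   for ch in text)

def build_db():
    """In-memory table with constructed sample names."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE samples (name TEXT)")
    rows = ["S_A-1", "S_A-2", "SXA-7", "S%B-3", "SxB-9"]
    conn.executemany("INSERT INTO samples VALUES (?)", [(r,) for r in rows])
    return conn

def max_counter(conn, prefix, escaped):
    """Highest numeric suffix among names the LIKE query returns for prefix."""
    if escaped:
        sql = f"SELECT name FROM samples WHERE name LIKE ? ESCAPE '{ESCAPE}'"
        pattern = escape_like_pattern(prefix) + "%"
    else:
        sql = "SELECT name FROM samples WHERE name LIKE ?"
        pattern = prefix + "%"
    best = 0
    for (name,) in conn.execute(sql, (pattern,)):
        tail = name[len(prefix):]  # text after the prefix-length slice
        if tail.isdigit():
            best = max(best, int(tail))
    return best

if __name__ == "__main__":
    db = build_db()
    for p in ("S_A-", "S%B-"):
        # unescaped result is inflated by rows the wildcard matched
        print(p, max_counter(db, p, False), max_counter(db, p, True))
```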

{
String prefix = wildcardPrefix != null ? wildcardPrefix : "";
String suffix = wildcardSuffix != null ? wildcardSuffix : "";
String prefixLike = prefix + CompareType.escapeLikePattern(matchStr, escapeChar) + suffix;
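Review bot: On the prefixLike line, only matchStr passes through CompareType.escapeLikePattern(); wildcardPrefix and wildcardSuffix are concatenated as-is, so any text a caller puts in those two arguments is interpreted as pattern syntax. Suggest a Javadoc comment stating that the prefix and suffix are meant to be constant wildcard strings and must not carry user-supplied text, plus a test in which matchStr itself contains escapeChar.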
Contributor

Should this be using concatenate() as furnished by the dialect?

Contributor

@labkey-matthewb labkey-matthewb Jul 14, 2025

If matchStr were not constant (e.g. SQLFragment) then yes, but since these are all constant strings, this makes more sense.

return sql;
}

public SQLFragment appendCaseInsensitiveLikeClause(SQLFragment sql, @NotNull String matchStr, @Nullable String wildcardPrefix, @Nullable String wildcardSuffix)
Contributor

I recommend unit tests for each of these incantations.

Contributor Author

junit tests added

@@ -535,6 +536,40 @@ public SQLFragment appendInClauseSql(SQLFragment sql, @NotNull Collection<?> par
return DEFAULT_GENERATOR.appendInClauseSql(sql, params);
}

public SQLFragment appendCaseInsensitiveLikeClause(SQLFragment sql, @NotNull String matchStr, @Nullable String wildcardPrefix, @Nullable String wildcardSuffix, char escapeChar)
Contributor

nit: It would be nice to get ConvertType.QClause.toSQLFragment() converted over to using this.

.append(getCaseInsensitiveLikeOperator())
.append(" ")
.appendValue(prefixLike)
.append(escapeToken);
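Review bot: The last line, .append(escapeToken), adds the ESCAPE clause as SQL text, while the pattern one line above is passed with appendValue(). If escapeToken is built from the caller's escapeChar, a single quote in that argument would end the literal early; suggest rejecting a quote and the wildcard characters as escapeChar, or restricting it to a fixed set, before the token is built.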
Contributor

I think escapeToken is always !, but it would be better to use quoteStringLiteral()

Contributor Author

For SQL Server, quoteStringLiteral adds an "N" prefix and that doesn't work for the escape character.

Contributor

Got it

@XingY XingY merged commit 4a069a8 into develop Jul 15, 2025
8 of 9 checks passed
@XingY XingY deleted the fb_withCounterSqlLike branch July 15, 2025 19:42