SQuirreL does not appear to properly escape column names when inserting data.
I am using SQuirreL 3.0.1 with PostgreSQL 8.3.6 and the 8.3.603 JDBC driver. I have a table with an "order" column.
If I right click on a table and "Make Editable" and then "Insert Row", enter the data, and hit "Insert" - I get an error dialog with the message:
> Exception seen during check on DB. Exception was:
> ERROR: syntax error at or near "order"
> Insert was probably not completed correctly. DB may be corrupted!
If I dismiss the dialog and then click on the "Press to view last log entry" button at the bottom, it shows me:
> Logged by net.sourceforge.squirrel_sql.client.session.DataSetUpdateableTableModelImpl at 3/24/09 12:27 AM:
> insertRow: pstmt sql = INSERT INTO "public"."page_group" ( page_group_id,order,properties_id,access_control_id,owner_user_id) VALUES ( ?, ?, ?, ?, ?)
Such a statement would not work unless the "order" column name is quoted similarly to the schema and table names.
Log in to post a comment.