|
From: Stefan W. <ste...@ao...> - 2010-10-25 14:14:40
|
Hi Rob,
we have already discussed the reason, why Squirrel cannot edit db-fields
with an backslash on an MySql-DB.
It seems that for an PostgresSQL-DB the same problem was solved by using
an DatabaseSpecificEscape e.g. PostgreSQLEscape
Now sure, we could do the same for an MySql-DB like this:
private static class MySqlSQLEscape implements IEscape
{
public boolean productMatches(ISQLDatabaseMetaData md)
{
return DialectFactory.isMySQL5(md);
}
/**
* For a MySQL Database we need to escape some characters.
* <a
href="http://dev.mysql.com/doc/refman/5.1/de/string-syntax.html">See the
MySQL Manual </a
* @see
net.sourceforge.squirrel_sql.fw.datasetviewer.cellcomponent.DatabaseSpecificEscape.IEscape#escapeSQL(java.lang.String)
*/
public String escapeSQL(String sql)
{
return sql.replaceAll("\\\\","\\\\\\\\");
}
}
Sure, this code would be very simple, but it doesn't work on all MySql
DB-Configuration. At an MySQL DB you can set the SQL-MODE to
NO_BACKSLASH_ESCAPES. Enabling this mode, than an escaped Backslash
would be treated as two backslashes. Then this code would fail.
Sure, Squirrel could check, if escaping an Backslash is necessary. e.g .
with this SQL: SELECT @@SESSION.sql_mode
Another drawback of using an DatabaseSpecificEscape is, that the
escapeSQL(string) method is applied to the whole where clause, not only
to string-fields, which might be a problem.
*Another solution:*
On the other side, when using PreparedStatements, then the DB-Driver is
responsible for escaping special characters. But what changes would this
mean:
* Changing the signature of
IDataTypeComponent.getWhereClauseValue(Object, ISQLDatabaseMetaData)
* Changing the implementation of all DataTypes
* Changing the implementation of DataSetUpdateableTableModelImpl
o deleteRows
o getWarningOnCurrentData
o getWarningOnProjectedUpdate
o getWhereClause
o reReadDatum
o updateTableComponent
When doing so, some duplicate code about counting affected rows could be
removed.
The solution I would discuss is following:
* The DataType should return an Interface WhereClausePart instead of
an String representation like column=value.
* The WhereClausePart should have following methods
o public String getWhereClause();
o public void appendToClause(StringBuilder whereClause);
o public void setParameter(PreparedStatement pstmt, int
position) throws SQLException;
o public boolean isParameterUsed();
* The WhereClausePart could have several implementations:
o AbstractWhereClausePart: Basic implementation which have a
reference to IDataTypeComponent for the capability to set
the parameters into the PreparedStatements.
o NopWhereClausePart: Instead of returning an empty String,
Return this for an "No Operation" meaning.
o IsNullWhereClausePart: This part of the where-clause
represents an "is null" statement
o ParameterWhereClausePart: This clause use an JDBC-Parameter
for the where clause
o NoParameterWhereClausePart: For all special situations like
DataTypeDate with the trunc-method. The benefit of this
class is, that each DataType could decide if it want to use
an parameter or the hard-coded part of the where clause.
* Change DataSetUpdateableTableModelImpl to use PreparedStatements.
So, what did you think, is this an appropriated solution for this bug
and an additional value for Squirrel?
When yes, let it me know, I have already done most of the work :-)
Stefan
|
|
Re: [Squirrel-sql-develop] Ways to solve Bug 3088572 - "Error while
editing some fields in Squirrel"
From: Robert M. <rob...@gm...> - 2010-10-29 14:06:05
|
I haven't had time to look at this yet, but will soon.
Rob
-- Sent from my Palm Pre
On Oct 25, 2010 10:16 AM, Stefan Willinger <ste...@ao...> wrote:
Hi Rob,
we have already discussed the reason, why Squirrel cannot edit db-fields
with an backslash on an MySql-DB.
It seems that for an PostgresSQL-DB the same problem was solved by using
an DatabaseSpecificEscape e.g. PostgreSQLEscape
Now sure, we could do the same for an MySql-DB like this:
private static class MySqlSQLEscape implements IEscape
{
public boolean productMatches(ISQLDatabaseMetaData md)
{
return DialectFactory.isMySQL5(md);
}
/**
* For a MySQL Database we need to escape some characters.
* <a
href="http://dev.mysql.com/doc/refman/5.1/de/string-syntax.html">See the
MySQL Manual </a
* @see
net.sourceforge.squirrel_sql.fw.datasetviewer.cellcomponent.DatabaseSpecificEscape.IEscape#escapeSQL(java.lang.String)
*/
public String escapeSQL(String sql)
{
return sql.replaceAll("\\\\","\\\\\\\\");
}
}
Sure, this code would be very simple, but it doesn't work on all MySql
DB-Configuration. At an MySQL DB you can set the SQL-MODE to
NO_BACKSLASH_ESCAPES. Enabling this mode, than an escaped Backslash
would be treated as two backslashes. Then this code would fail.
Sure, Squirrel could check, if escaping an Backslash is necessary. e.g .
with this SQL: SELECT @@SESSION.sql_mode
Another drawback of using an DatabaseSpecificEscape is, that the
escapeSQL(string) method is applied to the whole where clause, not only
to string-fields, which might be a problem.
*Another solution:*
On the other side, when using PreparedStatements, then the DB-Driver is
responsible for escaping special characters. But what changes would this
mean:
* Changing the signature of
IDataTypeComponent.getWhereClauseValue(Object, ISQLDatabaseMetaData)
* Changing the implementation of all DataTypes
* Changing the implementation of DataSetUpdateableTableModelImpl
o deleteRows
o getWarningOnCurrentData
o getWarningOnProjectedUpdate
o getWhereClause
o reReadDatum
o updateTableComponent
When doing so, some duplicate code about counting affected rows could be
removed.
The solution I would discuss is following:
* The DataType should return an Interface WhereClausePart instead of
an String representation like column=value.
* The WhereClausePart should have following methods
o public String getWhereClause();
o public void appendToClause(StringBuilder whereClause);
o public void setParameter(PreparedStatement pstmt, int
position) throws SQLException;
o public boolean isParameterUsed();
* The WhereClausePart could have several implementations:
o AbstractWhereClausePart: Basic implementation which have a
reference to IDataTypeComponent for the capability to set
the parameters into the PreparedStatements.
o NopWhereClausePart: Instead of returning an empty String,
Return this for an "No Operation" meaning.
o IsNullWhereClausePart: This part of the where-clause
represents an "is null" statement
o ParameterWhereClausePart: This clause use an JDBC-Parameter
for the where clause
o NoParameterWhereClausePart: For all special situations like
DataTypeDate with the trunc-method. The benefit of this
class is, that each DataType could decide if it want to use
an parameter or the hard-coded part of the where clause.
* Change DataSetUpdateableTableModelImpl to use PreparedStatements.
So, what did you think, is this an appropriated solution for this bug
and an additional value for Squirrel?
When yes, let it me know, I have already done most of the work :-)
Stefan
------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store
http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________
Squirrel-sql-develop mailing list
Squ...@li...
https://lists.sourceforge.net/lists/listinfo/squirrel-sql-develop
|
|
Re: [Squirrel-sql-develop] Ways to solve Bug 3088572 - "Error while
editing some fields in Squirrel"
From: Robert M. <rob...@gm...> - 2010-11-04 00:40:41
|
Setfan,
Thinking about this more, I agree that this change would be beneficial
in the ways you have described. However, it is a bit like major
surgery and presents a bit of risk to include in the 3.2 release which
we are currently preparing. If Gerd agrees, I would like to see this
as a patch soon after we release 3.2. One other thing; it would be
nice to demonstrate how effective this implementation is on various
databases. I am thinking perhaps 1) simple SQL script to create a
table and populate it with data that needs to be quoted and 2) a test
driver that connects and verifies that the PreparedStatement approach
works as expected. If such a test existed I have a number of
databases setup to verify it against. I know that this sounds like
more of a test for JDBC drivers, but as SQuirreL depends on the
driver, it is affected by the bugs they have. Does that sound
reasonable ?
Rob
On Mon, Oct 25, 2010 at 10:14 AM, Stefan Willinger <ste...@ao...> wrote:
> Hi Rob,
>
> we have already discussed the reason, why Squirrel cannot edit db-fields
> with an backslash on an MySql-DB.
>
> It seems that for an PostgresSQL-DB the same problem was solved by using
> an DatabaseSpecificEscape e.g. PostgreSQLEscape
>
> Now sure, we could do the same for an MySql-DB like this:
>
> private static class MySqlSQLEscape implements IEscape
> {
> public boolean productMatches(ISQLDatabaseMetaData md)
> {
> return DialectFactory.isMySQL5(md);
> }
> /**
> * For a MySQL Database we need to escape some characters.
> * <a
> href="http://dev.mysql.com/doc/refman/5.1/de/string-syntax.html">See the
> MySQL Manual </a
> * @see
> net.sourceforge.squirrel_sql.fw.datasetviewer.cellcomponent.DatabaseSpecificEscape.IEscape#escapeSQL(java.lang.String)
> */
> public String escapeSQL(String sql)
> {
> return sql.replaceAll("\\\\","\\\\\\\\");
> }
> }
>
> Sure, this code would be very simple, but it doesn't work on all MySql
> DB-Configuration. At an MySQL DB you can set the SQL-MODE to
> NO_BACKSLASH_ESCAPES. Enabling this mode, than an escaped Backslash
> would be treated as two backslashes. Then this code would fail.
>
> Sure, Squirrel could check, if escaping an Backslash is necessary. e.g .
> with this SQL: SELECT @@SESSION.sql_mode
>
> Another drawback of using an DatabaseSpecificEscape is, that the
> escapeSQL(string) method is applied to the whole where clause, not only
> to string-fields, which might be a problem.
>
> *Another solution:*
> On the other side, when using PreparedStatements, then the DB-Driver is
> responsible for escaping special characters. But what changes would this
> mean:
>
> * Changing the signature of
> IDataTypeComponent.getWhereClauseValue(Object, ISQLDatabaseMetaData)
> * Changing the implementation of all DataTypes
> * Changing the implementation of DataSetUpdateableTableModelImpl
> o deleteRows
> o getWarningOnCurrentData
> o getWarningOnProjectedUpdate
> o getWhereClause
> o reReadDatum
> o updateTableComponent
>
> When doing so, some duplicate code about counting affected rows could be
> removed.
>
> The solution I would discuss is following:
>
> * The DataType should return an Interface WhereClausePart instead of
> an String representation like column=value.
> * The WhereClausePart should have following methods
> o public String getWhereClause();
> o public void appendToClause(StringBuilder whereClause);
> o public void setParameter(PreparedStatement pstmt, int
> position) throws SQLException;
> o public boolean isParameterUsed();
> * The WhereClausePart could have several implementations:
> o AbstractWhereClausePart: Basic implementation which have a
> reference to IDataTypeComponent for the capability to set
> the parameters into the PreparedStatements.
> o NopWhereClausePart: Instead of returning an empty String,
> Return this for an "No Operation" meaning.
> o IsNullWhereClausePart: This part of the where-clause
> represents an "is null" statement
> o ParameterWhereClausePart: This clause use an JDBC-Parameter
> for the where clause
> o NoParameterWhereClausePart: For all special situations like
> DataTypeDate with the trunc-method. The benefit of this
> class is, that each DataType could decide if it want to use
> an parameter or the hard-coded part of the where clause.
> * Change DataSetUpdateableTableModelImpl to use PreparedStatements.
>
> So, what did you think, is this an appropriated solution for this bug
> and an additional value for Squirrel?
>
> When yes, let it me know, I have already done most of the work :-)
>
> Stefan
> ------------------------------------------------------------------------------
> Nokia and AT&T present the 2010 Calling All Innovators-North America contest
> Create new apps & games for the Nokia N8 for consumers in U.S. and Canada
> $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
> Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store
> http://p.sf.net/sfu/nokia-dev2dev
> _______________________________________________
> Squirrel-sql-develop mailing list
> Squ...@li...
> https://lists.sourceforge.net/lists/listinfo/squirrel-sql-develop
>
|
|
Re: [Squirrel-sql-develop] Ways to solve Bug 3088572 - "Error while
editing some fields in Squirrel"
From: Stefan W. <ste...@ao...> - 2010-11-06 18:54:15
|
Hi Rob,
your comment sounds reasonable.
I will finish the implementation and create a script a you recommended.
At first, I will change the DataTypes by a conservative way, so that the
actual behaviour will not be changed. In a future step it seems, that
some DataTypes which doesn't support the where clause at the moment,
could change their behaviour.
But first I will ensure the actual functionality with PreparedStatements.
OK - so far...
Stefan
Am 2010-11-04 01:40, schrieb Robert Manning:
> Setfan,
>
> Thinking about this more, I agree that this change would be beneficial
> in the ways you have described. However, it is a bit like major
> surgery and presents a bit of risk to include in the 3.2 release which
> we are currently preparing. If Gerd agrees, I would like to see this
> as a patch soon after we release 3.2. One other thing; it would be
> nice to demonstrate how effective this implementation is on various
> databases. I am thinking perhaps 1) simple SQL script to create a
> table and populate it with data that needs to be quoted and 2) a test
> driver that connects and verifies that the PreparedStatement approach
> works as expected. If such a test existed I have a number of
> databases setup to verify it against. I know that this sounds like
> more of a test for JDBC drivers, but as SQuirreL depends on the
> driver, it is affected by the bugs they have. Does that sound
> reasonable ?
>
> Rob
>
> On Mon, Oct 25, 2010 at 10:14 AM, Stefan Willinger<ste...@ao...> wrote:
>
>> Hi Rob,
>>
>> we have already discussed the reason, why Squirrel cannot edit db-fields
>> with an backslash on an MySql-DB.
>>
>> It seems that for an PostgresSQL-DB the same problem was solved by using
>> an DatabaseSpecificEscape e.g. PostgreSQLEscape
>>
>> Now sure, we could do the same for an MySql-DB like this:
>>
>> private static class MySqlSQLEscape implements IEscape
>> {
>> public boolean productMatches(ISQLDatabaseMetaData md)
>> {
>> return DialectFactory.isMySQL5(md);
>> }
>> /**
>> * For a MySQL Database we need to escape some characters.
>> *<a
>> href="http://dev.mysql.com/doc/refman/5.1/de/string-syntax.html">See the
>> MySQL Manual</a
>> * @see
>> net.sourceforge.squirrel_sql.fw.datasetviewer.cellcomponent.DatabaseSpecificEscape.IEscape#escapeSQL(java.lang.String)
>> */
>> public String escapeSQL(String sql)
>> {
>> return sql.replaceAll("\\\\","\\\\\\\\");
>> }
>> }
>>
>> Sure, this code would be very simple, but it doesn't work on all MySql
>> DB-Configuration. At an MySQL DB you can set the SQL-MODE to
>> NO_BACKSLASH_ESCAPES. Enabling this mode, than an escaped Backslash
>> would be treated as two backslashes. Then this code would fail.
>>
>> Sure, Squirrel could check, if escaping an Backslash is necessary. e.g .
>> with this SQL: SELECT @@SESSION.sql_mode
>>
>> Another drawback of using an DatabaseSpecificEscape is, that the
>> escapeSQL(string) method is applied to the whole where clause, not only
>> to string-fields, which might be a problem.
>>
>> *Another solution:*
>> On the other side, when using PreparedStatements, then the DB-Driver is
>> responsible for escaping special characters. But what changes would this
>> mean:
>>
>> * Changing the signature of
>> IDataTypeComponent.getWhereClauseValue(Object, ISQLDatabaseMetaData)
>> * Changing the implementation of all DataTypes
>> * Changing the implementation of DataSetUpdateableTableModelImpl
>> o deleteRows
>> o getWarningOnCurrentData
>> o getWarningOnProjectedUpdate
>> o getWhereClause
>> o reReadDatum
>> o updateTableComponent
>>
>> When doing so, some duplicate code about counting affected rows could be
>> removed.
>>
>> The solution I would discuss is following:
>>
>> * The DataType should return an Interface WhereClausePart instead of
>> an String representation like column=value.
>> * The WhereClausePart should have following methods
>> o public String getWhereClause();
>> o public void appendToClause(StringBuilder whereClause);
>> o public void setParameter(PreparedStatement pstmt, int
>> position) throws SQLException;
>> o public boolean isParameterUsed();
>> * The WhereClausePart could have several implementations:
>> o AbstractWhereClausePart: Basic implementation which have a
>> reference to IDataTypeComponent for the capability to set
>> the parameters into the PreparedStatements.
>> o NopWhereClausePart: Instead of returning an empty String,
>> Return this for an "No Operation" meaning.
>> o IsNullWhereClausePart: This part of the where-clause
>> represents an "is null" statement
>> o ParameterWhereClausePart: This clause use an JDBC-Parameter
>> for the where clause
>> o NoParameterWhereClausePart: For all special situations like
>> DataTypeDate with the trunc-method. The benefit of this
>> class is, that each DataType could decide if it want to use
>> an parameter or the hard-coded part of the where clause.
>> * Change DataSetUpdateableTableModelImpl to use PreparedStatements.
>>
>> So, what did you think, is this an appropriated solution for this bug
>> and an additional value for Squirrel?
>>
>> When yes, let it me know, I have already done most of the work :-)
>>
>> Stefan
>> ------------------------------------------------------------------------------
>> Nokia and AT&T present the 2010 Calling All Innovators-North America contest
>> Create new apps& games for the Nokia N8 for consumers in U.S. and Canada
>> $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
>> Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store
>> http://p.sf.net/sfu/nokia-dev2dev
>> _______________________________________________
>> Squirrel-sql-develop mailing list
>> Squ...@li...
>> https://lists.sourceforge.net/lists/listinfo/squirrel-sql-develop
>>
>>
>
|
|
Re: [Squirrel-sql-develop] Ways to solve Bug 3088572 - "Error while
editing some fields in Squirrel"
From: Stefan W. <ste...@ao...> - 2011-02-19 19:46:05
|
Hi Rob,
after some time (unfortunate several months) I have finished the
implementation for the patch.
/*First: Like TDD - let me explain, how to test the changes:*/
According to your suggestion,I have prepared 2 SQL-Scripts, which
prepare an DB-Table (called basicTypes) for an MySQL and Oracle Database.
* /squirrel-sql/src/test/java/net/sourceforge/squirrel_sql/fw/datasetviewer/cellcomponent/whereClause/mysql.sql
* /squirrel-sql/src/test/java/net/sourceforge/squirrel_sql/fw/datasetviewer/cellcomponent/whereClause/oracle.sql
The content of this table contains some characters, which must be
escaped in an MySQL Database (according to
http://dev.mysql.com/doc/refman/5.1/en/string-syntax.html). There
existing 3 Test-Classes which tests the behavior of the JDBC-Driver for
the escaping of the special characters:
* /squirrel-sql/src/test/java/net/sourceforge/squirrel_sql/fw/datasetviewer/cellcomponent/whereClause/MySQLAdhocTests.java
* /squirrel-sql/src/test/java/net/sourceforge/squirrel_sql/fw/datasetviewer/cellcomponent/whereClause/MySQLnoBackslashEscapesAdhocTests.java
* /squirrel-sql/src/test/java/net/sourceforge/squirrel_sql/fw/datasetviewer/cellcomponent/whereClause/OracleAdhocTests.java
By extending their super class (AbstractAdhocTests) it should be very
simple to use the test for another db-driver.
These provided ad-hoc tests uses
CellComponentFactory.getWhereClauseValue() to create the where clause
and count the affected rows (each row is unique) when we use each column
(the same as Squirrel did, when updating table-data). So, this should be
a representing test-case.
For the new code, e.g. /IsNullWhereClausePart/ exists new test cases
e.g. /IsNullWhereClausePartTest.
*Second: The Idea behind the implementation
*/Normally the jdbc-driver is responsible to escape the special
characters of an database, when sql-parameters are used. Until now,
Squirrel build the where-clause for updating data or counting the
affected rows without parameters. In the future, Squirrel uses an
PreparedStatement for this. So the responsibility is moved to the
jdbc-driver.
/*Third: The implementation*/
The most new code exists in the module "fw". There is a new package
called
/net.sourceforge.squirrel_sql.fw.datasetviewer.cellcomponent.whereClause/.
The interface /IWhereClausePart/ replaces the simple String return type
of /IDataTypeComponent.getWhereClauseValue()/.
There are some implementations for this new interface:
* /IsNullWhereClausePart/
* /NoParameterWhereClausePart/
* /NopWhereClausePart/
* /ParameterWhereClausePart/
The new /WhereClausePartUtil /is responsible for creating the String for
the where-clause and setting the parameter into the PreparedStatement.
Each implementation of the /IWhereClausePart /knows the
/IDataTypeComponent/ which created the instance because it uses the
existing functionality for setting the parameter value.
Now, please review the changes. And if you think this is an suitable
solution, I would be happy if Squirrel contains this piece of code.
If there are some things to change - let me know - I will do it.
Stefan
Am 2010-11-06 19:54, schrieb Stefan Willinger:
> Hi Rob,
>
> your comment sounds reasonable.
>
> I will finish the implementation and create a script a you recommended.
>
> At first, I will change the DataTypes by a conservative way, so that the
> actual behaviour will not be changed. In a future step it seems, that
> some DataTypes which doesn't support the where clause at the moment,
> could change their behaviour.
>
> But first I will ensure the actual functionality with PreparedStatements.
>
> OK - so far...
>
> Stefan
>
>
>
> Am 2010-11-04 01:40, schrieb Robert Manning:
>> Setfan,
>>
>> Thinking about this more, I agree that this change would be beneficial
>> in the ways you have described. However, it is a bit like major
>> surgery and presents a bit of risk to include in the 3.2 release which
>> we are currently preparing. If Gerd agrees, I would like to see this
>> as a patch soon after we release 3.2. One other thing; it would be
>> nice to demonstrate how effective this implementation is on various
>> databases. I am thinking perhaps 1) simple SQL script to create a
>> table and populate it with data that needs to be quoted and 2) a test
>> driver that connects and verifies that the PreparedStatement approach
>> works as expected. If such a test existed I have a number of
>> databases setup to verify it against. I know that this sounds like
>> more of a test for JDBC drivers, but as SQuirreL depends on the
>> driver, it is affected by the bugs they have. Does that sound
>> reasonable ?
>>
>> Rob
>>
|
|
Re: [Squirrel-sql-develop] Ways to solve Bug 3088572 - "Error while
editing some fields in Squirrel"
From: Robert M. <rob...@gm...> - 2011-02-26 14:52:42
|
I am reviewing it now. So far I like what I am seeing. At the moment I
have a few questions:
1. Can we change the name of NopWhereClausePart to EmptyWhereClausePart ?
That seems a bit more readable to me.
2. In DataSetUpdateableTableModelImpl.updateTableComponent, in your new
code, there is now this:
// into the first (and only) variable position in the prepared
stmt
CellComponentFactory.setPreparedStatementValue(
colDefs[col], pstmt, newValue, 1);
WhereClausePartUtil.setParameters(pstmt, whereClauseParts, 2);
Would it be possible to use an additional ParameterWhereClausePart to make
the call to CellComponentFactory.setPreparedStatementValue unnecessary ?
3. Would it be too much trouble to give WhereClausePartUtil an interface
(say IWhereClausePartUtil) and have it be injectable instead of static ? (so
- a WhereClausePartUtil instance variable with a public setter that
accepts IWhereClausePartUtil in each class where it is used; This helps with
testability)
Rob
On Sat, Feb 19, 2011 at 2:45 PM, Stefan Willinger <ste...@ao...>wrote:
> Hi Rob,
>
> after some time (unfortunate several months) I have finished the
> implementation for the patch.
>
> *First: Like TDD - let me explain, how to test the changes:*
> According to your suggestion,I have prepared 2 SQL-Scripts, which prepare
> an DB-Table (called basicTypes) for an MySQL and Oracle Database.
>
> -
> /squirrel-sql/src/test/java/net/sourceforge/squirrel_sql/fw/datasetviewer/cellcomponent/whereClause/mysql.sql
> -
> /squirrel-sql/src/test/java/net/sourceforge/squirrel_sql/fw/datasetviewer/cellcomponent/whereClause/oracle.sql
>
> The content of this table contains some characters, which must be escaped
> in an MySQL Database (according to
> http://dev.mysql.com/doc/refman/5.1/en/string-syntax.html). There existing
> 3 Test-Classes which tests the behavior of the JDBC-Driver for the escaping
> of the special characters:
>
> -
> /squirrel-sql/src/test/java/net/sourceforge/squirrel_sql/fw/datasetviewer/cellcomponent/whereClause/MySQLAdhocTests.java
> -
> /squirrel-sql/src/test/java/net/sourceforge/squirrel_sql/fw/datasetviewer/cellcomponent/whereClause/MySQLnoBackslashEscapesAdhocTests.java
> -
> /squirrel-sql/src/test/java/net/sourceforge/squirrel_sql/fw/datasetviewer/cellcomponent/whereClause/OracleAdhocTests.java
>
> By extending their super class (AbstractAdhocTests) it should be very
> simple to use the test for another db-driver.
>
> These provided ad-hoc tests uses CellComponentFactory.getWhereClauseValue()
> to create the where clause and count the affected rows (each row is unique)
> when we use each column (the same as Squirrel did, when updating
> table-data). So, this should be a representing test-case.
>
> For the new code, e.g. *IsNullWhereClausePart* exists new test cases e.g.
> *IsNullWhereClausePartTest.
>
> Second: The Idea behind the implementation
> *Normally the jdbc-driver is responsible to escape the special characters
> of an database, when sql-parameters are used. Until now, Squirrel build the
> where-clause for updating data or counting the affected rows without
> parameters. In the future, Squirrel uses an PreparedStatement for this. So
> the responsibility is moved to the jdbc-driver.
>
> *Third: The implementation*
> The most new code exists in the module "fw". There is a new package called
> *net.sourceforge.squirrel_sql.fw.datasetviewer.cellcomponent.whereClause*.
> The interface *IWhereClausePart* replaces the simple String return type
> of *IDataTypeComponent.getWhereClauseValue()*.
> There are some implementations for this new interface:
>
> - *IsNullWhereClausePart*
> - *NoParameterWhereClausePart*
> - *NopWhereClausePart*
> - *ParameterWhereClausePart*
>
> The new *WhereClausePartUtil *is responsible for creating the String for
> the where-clause and setting the parameter into the PreparedStatement.
> Each implementation of the *IWhereClausePart *knows the *
> IDataTypeComponent* which created the instance because it uses the
> existing functionality for setting the parameter value.
>
>
> Now, please review the changes. And if you think this is an suitable
> solution, I would be happy if Squirrel contains this piece of code.
> If there are some things to change - let me know - I will do it.
>
>
> Stefan
>
>
>
>
>
>
> Am 2010-11-06 19:54, schrieb Stefan Willinger:
>
> Hi Rob,
>
> your comment sounds reasonable.
>
> I will finish the implementation and create a script a you recommended.
>
> At first, I will change the DataTypes by a conservative way, so that the
> actual behaviour will not be changed. In a future step it seems, that
> some DataTypes which doesn't support the where clause at the moment,
> could change their behaviour.
>
> But first I will ensure the actual functionality with PreparedStatements.
>
> OK - so far...
>
> Stefan
>
>
>
> Am 2010-11-04 01:40, schrieb Robert Manning:
>
> Setfan,
>
> Thinking about this more, I agree that this change would be beneficial
> in the ways you have described. However, it is a bit like major
> surgery and presents a bit of risk to include in the 3.2 release which
> we are currently preparing. If Gerd agrees, I would like to see this
> as a patch soon after we release 3.2. One other thing; it would be
> nice to demonstrate how effective this implementation is on various
> databases. I am thinking perhaps 1) simple SQL script to create a
> table and populate it with data that needs to be quoted and 2) a test
> driver that connects and verifies that the PreparedStatement approach
> works as expected. If such a test existed I have a number of
> databases setup to verify it against. I know that this sounds like
> more of a test for JDBC drivers, but as SQuirreL depends on the
> driver, it is affected by the bugs they have. Does that sound
> reasonable ?
>
> Rob
>
>
>
|
|
Re: [Squirrel-sql-develop] Ways to solve Bug 3088572 - "Error while
editing some fields in Squirrel"
From: Stefan W. <ste...@ao...> - 2011-02-26 19:06:02
|
Hi Rob,
1. Can we change the name of NopWhereClausePart to EmptyWhereClausePart
? That seems a bit more readable to me.
Of course. The first programming language I learned was Step 5 (the
programming language for Simatic S5 an Programable Logic Controller
within automation systems. Within the most build in functions you
needed the NOP operator for the NoOperation - Seems that the old
times are very present in my head :-)
I will update the code and JavaDoc.
2. Would it be possible to use an additional ParameterWhereClausePart to
make the call to CellComponentFactory.setPreparedStatementValue unnecessary?
Hm, with the call of CellComponentFactory.setPreparedStatementValue
we set the data of the changed data field. In the strict sense, this
is not an part of the where clause. If we add an additional
ParameterWhereClausePart for the changed data - that would be like
cheating.
If we want do this, we could:
* use an placeholder that is on the right (first) position which
is responsible only for setting the parameter and not for
creating the set=? part.
* or enhance the functionality, that constructing the update
statement is part of if (and maybe - insert/delete/select)
* or another suggestion?
3. Would it be too much trouble to give WhereClausePartUtil an interface.
Of course not. I think I didn't see an Dependency Injection
Container within Squirrel - So would it be appropriate to create an
instance variable initialized with an default, that could be
overwritten by the setter at each class where is is used?
I will prepare the first and the third part of your suggestions.
But what should we do with the second one?
Stefan
Am 2011-02-26 15:52, schrieb Robert Manning:
> I am reviewing it now. So far I like what I am seeing. At the
> moment I have a few questions:
>
> 1. Can we change the name of NopWhereClausePart to Empty
> WhereClausePart ? That seems a bit more readable to me.
>
> 2. In DataSetUpdateableTableModelImpl.updateTableComponent, in your
> new code, there is now this:
>
> // into the first (and only) variable position in the
> prepared stmt
> CellComponentFactory.setPreparedStatementValue(
> colDefs[col], pstmt, newValue, 1);
> WhereClausePartUtil.setParameters(pstmt, whereClauseParts, 2);
>
> Would it be possible to use an additional ParameterWhereClausePart to
> make the call to CellComponentFactory.setPreparedStatementValue
> unnecessary ?
>
> 3. Would it be too much trouble to give WhereClausePartUtil an
> interface (say IWhereClausePartUtil) and have it be injectable instead
> of static ? (so - a WhereClausePartUtil instance variable with a
> public setter that accepts IWhereClausePartUtil in each class where it
> is used; This helps with testability)
>
> Rob
|
|
Re: [Squirrel-sql-develop] Ways to solve Bug 3088572 - "Error while
editing some fields in Squirrel"
From: Robert M. <rob...@gm...> - 2011-02-26 20:28:43
|
For #2 - nevermind, you are absolutely correct; I mistook setPreparedStatementValue for setting a bind var in the where clause. As of yet there is no IoC container being used in the main application. For the update application, since it must run outside of SQuirreL, and because it was brand new I took liberty to use Spring there. For now, an instance variable initialized in the declaration is fine. Should we decide to move to IoC in the future, any statics we can avoid will help. Rob On Sat, Feb 26, 2011 at 2:05 PM, Stefan Willinger <ste...@ao...>wrote: > Hi Rob, > > > 1. Can we change the name of NopWhereClausePart to EmptyWhereClausePart ? > That seems a bit more readable to me. > > Of course. The first programming language I learned was Step 5 (the > programming language for Simatic S5 an Programable Logic Controller within > automation systems. Within the most build in functions you needed the NOP > operator for the NoOperation - Seems that the old times are very present in > my head :-) > I will update the code and JavaDoc. > > 2. Would it be possible to use an additional ParameterWhereClausePart to > make the call to CellComponentFactory.setPreparedStatementValue unnecessary? > > Hm, with the call of CellComponentFactory.setPreparedStatementValue we set > the data of the changed data field. In the strict sense, this is not an part > of the where clause. If we add an additional ParameterWhereClausePart for > the changed data - that would be like cheating. > If we want do this, we could: > > - use an placeholder that is on the right (first) position which is > responsible only for setting the parameter and not for creating the set=? > part. > - or enhance the functionality, that constructing the update statement > is part of if (and maybe - insert/delete/select) > - or another suggestion? > > 3. Would it be too much trouble to give WhereClausePartUtil an interface. > > Of course not. I think I didn't see an Dependency Injection Container > within Squirrel - So would it be appropriate to create an instance variable > initialized with an default, that could be overwritten by the setter at each > class where is is used? > > > I will prepare the first and the third part of your suggestions. > > But what should we do with the second one? > > Stefan > > > Am 2011-02-26 15:52, schrieb Robert Manning: > > I am reviewing it now. So far I like what I am seeing. At the moment I > have a few questions: > > 1. Can we change the name of NopWhereClausePart to Empty WhereClausePart > ? That seems a bit more readable to me. > > 2. In DataSetUpdateableTableModelImpl.updateTableComponent, in your new > code, there is now this: > > // into the first (and only) variable position in the prepared > stmt > CellComponentFactory.setPreparedStatementValue( > colDefs[col], pstmt, newValue, 1); > WhereClausePartUtil.setParameters(pstmt, whereClauseParts, 2); > > Would it be possible to use an additional ParameterWhereClausePart to > make the call to CellComponentFactory.setPreparedStatementValue unnecessary > ? > > 3. Would it be too much trouble to give WhereClausePartUtil an interface > (say IWhereClausePartUtil) and have it be injectable instead of static ? (so > - a WhereClausePartUtil instance variable with a public setter that > accepts IWhereClausePartUtil in each class where it is used; This helps with > testability) > > Rob > > |
