From 4773999dd6da6c443e1947bfbb8ecd31b84f261b Mon Sep 17 00:00:00 2001
From: Marc Baloup
Date: Thu, 18 Jul 2019 17:37:27 +0200
Subject: [PATCH] escaping column names in ORM
---
 src/main/java/fr/pandacube/java/util/orm/SQLOrderBy.java | 2 +-
 src/main/java/fr/pandacube/java/util/orm/SQLWhereChain.java | 3 ++-
 src/main/java/fr/pandacube/java/util/orm/SQLWhereComp.java | 2 +-
 src/main/java/fr/pandacube/java/util/orm/SQLWhereLike.java | 2 +-
 src/main/java/fr/pandacube/java/util/orm/SQLWhereNull.java | 2 +-
 5 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/main/java/fr/pandacube/java/util/orm/SQLOrderBy.java b/src/main/java/fr/pandacube/java/util/orm/SQLOrderBy.java
index cb85026..1822a78 100644
--- a/src/main/java/fr/pandacube/java/util/orm/SQLOrderBy.java
+++ b/src/main/java/fr/pandacube/java/util/orm/SQLOrderBy.java
@@ -41,7 +41,7 @@ public class SQLOrderBy {
 for (OBField f : orderByFields) {
 if (!first) ret += ", ";
 first = false;
- ret += f.field.getName() + " " + f.direction.name();
+ ret += "`" + f.field.getName() + "` " + f.direction.name();
 }
 return ret;
 }
diff --git a/src/main/java/fr/pandacube/java/util/orm/SQLWhereChain.java b/src/main/java/fr/pandacube/java/util/orm/SQLWhereChain.java
index 0b2991d..813ebc4 100644
--- a/src/main/java/fr/pandacube/java/util/orm/SQLWhereChain.java
+++ b/src/main/java/fr/pandacube/java/util/orm/SQLWhereChain.java
@@ -41,7 +41,8 @@ public class SQLWhereChain extends SQLWhere {
 public enum SQLBoolOp {
 /** Equivalent to SQL "AND" */
- AND("AND"), /** Equivalent to SQL "OR" */
+ AND("AND"),
+ /** Equivalent to SQL "OR" */
 OR("OR");
 public final String sql;
diff --git a/src/main/java/fr/pandacube/java/util/orm/SQLWhereComp.java b/src/main/java/fr/pandacube/java/util/orm/SQLWhereComp.java
index e20bbe8..544dbb0 100644
--- a/src/main/java/fr/pandacube/java/util/orm/SQLWhereComp.java
+++ b/src/main/java/fr/pandacube/java/util/orm/SQLWhereComp.java
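Review bot: The backticks added in the SQLOrderBy loop quote the column name but do not escape it, so a name that itself contains a backtick would still end the identifier early and the rest would be read as SQL. Doubling any embedded backtick before wrapping closes that gap, e.g. ``"`" + f.field.getName().replace("`", "``") + "` "``. The same concatenation is repeated in SQLWhereComp, SQLWhereLike and SQLWhereNull, so one shared helper (say a static `quoteIdentifier(String)`) would keep the four call sites consistent. Whether `getName()` can ever return anything other than a code-declared column name is not visible in these hunks; if it cannot, a short comment stating that assumption would be enough. Backtick quoting is also MySQL/MariaDB syntax, which is worth a comment if the ORM is meant to run against other databases.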
@@ -30,7 +30,7 @@ public class SQLWhereComp extends SQLWhere {
 public Pair> toSQL() throws ORMException {
 List params = new ArrayList<>();
 SQLElement.addValueToSQLObjectList(params, left, right);
- return new Pair<>(left.getName() + " " + comp.sql + " ? ", params);
+ return new Pair<>("`" + left.getName() + "` " + comp.sql + " ? ", params);
 }
 public enum SQLComparator {
diff --git a/src/main/java/fr/pandacube/java/util/orm/SQLWhereLike.java b/src/main/java/fr/pandacube/java/util/orm/SQLWhereLike.java
index 015b6a8..d7c4186 100644
--- a/src/main/java/fr/pandacube/java/util/orm/SQLWhereLike.java
+++ b/src/main/java/fr/pandacube/java/util/orm/SQLWhereLike.java
@@ -27,7 +27,7 @@ public class SQLWhereLike extends SQLWhere {
 public Pair> toSQL() {
 ArrayList params = new ArrayList<>();
 params.add(likeExpr);
- return new Pair<>(field.getName() + " LIKE ? ", params);
+ return new Pair<>("`" + field.getName() + "` LIKE ? ", params);
 }
 }
diff --git a/src/main/java/fr/pandacube/java/util/orm/SQLWhereNull.java b/src/main/java/fr/pandacube/java/util/orm/SQLWhereNull.java
index 55e7088..1a85caf 100644
--- a/src/main/java/fr/pandacube/java/util/orm/SQLWhereNull.java
+++ b/src/main/java/fr/pandacube/java/util/orm/SQLWhereNull.java
@@ -30,7 +30,7 @@ public class SQLWhereNull extends SQLWhere {
 @Override
 public Pair> toSQL() {
- return new Pair<>(fild.getName() + ((nulll) ? " IS NULL" : " IS NOT NULL"), new ArrayList<>());
+ return new Pair<>("`" + fild.getName() + "` IS " + ((nulll) ? "NULL" : "NOT NULL"), new ArrayList<>());
 }
 }
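Review bot: In SQLWhereNull.toSQL() the rewritten return line still reads `fild` and `nulll`, which look like a misspelling and a workaround for the `null` keyword. Renaming them to `field` (the spelling SQLWhereLike uses for the same role) and `isNull` would make the predicate easier to read and keep the sibling classes consistent. The declarations are outside this hunk, so the rename has to be applied there too.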