Strange behaviour on Oracle 12 with escape character [message #1771484]
Fri, 25 August 2017 09:58
Eclipse User
Hello,
I need help troubleshooting a strange bug. There is an application running on Oracle 12 and Eclipselink 2.5.2 with a simple search screen that uses a LIKE clause and "%" as wildcards.
The application creates the query using criteria builder. A QA tester entered only the "_" underscore character in the search screen. The application does not check which text is passed and just wraps it with the '%' character.
cb.and(conjunction, cb.like(cb.lower(name), new StringBuilder("%").append(escape(param)).append("%").toString()));
At runtime, when the query is executed the following appears in the log:
bind => [%\_%, ACTIVE, IT, 20, 0]
Unexpectedly (at least for me) Eclipselink has decided to escape the "_" char with a leading "\". The database is Oracle 12. I would then expect the resulting query to be suffixed with "ESCAPE '\'" but this is not happening and the query returns nothing because in the absence of the escape clause "\_" is processed as if it was the original user search string.
What am I missing?
Thanks.
GianMaria.
Re: Strange behaviour on Oracle 12 with escape character [message #1771795 is a reply to message #1771685]
Wed, 30 August 2017 10:51
Eclipse User
You would be better off proving it by creating a string variable that you pass to the query, and printing it off before passing it in. You might also try using parameters rather than directly passing it in as a literal:
cb.and(conjunction, cb.like(cb.lower(name), cb.parameter(String.class, "name") ));
..
query.setParameter("name", yourString);
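Added example, not code from either poster or from EclipseLink: one way to keep the escaping applied to the search text and the escape character declared to the database in agreement, using the standard three-argument `CriteriaBuilder.like(expression, pattern, escapeChar)`. The class `LikeSearch`, the helpers `escapeLike` and `containsIgnoreCase`, and the constant `ESC` are hypothetical names; it assumes the JPA 2.x API (`javax.persistence`) is on the classpath.

```java
import java.util.Locale;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.Expression;
import javax.persistence.criteria.Predicate;

public final class LikeSearch {
    // Escape character (hypothetical constant) that is both used in the
    // pattern and handed to the provider, so the two cannot drift apart.
    static final char ESC = '\\';

    // Prefix the LIKE metacharacters (% and _) and the escape character
    // itself, so every character the user typed is matched literally.
    static String escapeLike(String input) {
        StringBuilder out = new StringBuilder(input.length() + 8);
        for (char c : input.toCharArray()) {
            if (c == ESC || c == '%' || c == '_') {
                out.append(ESC);
            }
            out.append(c);
        }
        return out.toString();
    }

    // Case-insensitive "contains" predicate. The pattern is still bound as a
    // value; the third argument tells the provider which escape character
    // the pattern uses.
    static Predicate containsIgnoreCase(CriteriaBuilder cb,
                                        Expression<String> field,
                                        String userText) {
        String needle = escapeLike(userText.toLowerCase(Locale.ROOT));
        return cb.like(cb.lower(field), "%" + needle + "%", ESC);
    }

    public static void main(String[] args) {
        // Constructed inputs: the lone underscore from the thread, plus a
        // percent sign, an embedded backslash and plain text.
        for (String s : new String[] {"_", "50%", "a\\b", "plain"}) {
            System.out.println(s + " -> %" + escapeLike(s) + "%");
        }
    }
}
```

Checking the logged SQL for an `ESCAPE` clause alongside the `bind => [...]` line shows whether the escape character actually reached the database.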