DataImportHandler not escaping single quotes
--------------------------------------------

                 Key: SOLR-1831
                 URL: https://issues.apache.org/jira/browse/SOLR-1831
             Project: Solr
          Issue Type: Bug
          Components: contrib - DataImportHandler
    Affects Versions: 1.4, 1.5
         Environment: Windows XP Pro SP3
java 1.6.0.18
Solr 1.4, Solr 1.5 dev
MySQL 5.1
            Reporter: Kevin


SQL queries are not being properly escaped. Single quotes are being passed to 
the SQL driver. Despite line 78 of EvaluatorBag.java, single quotes are being 
retrieved in fields from the parent entity. When a field containing a single 
quote is referenced via a variable in a child entity's query string, it does 
not get escaped. 

I have tested this in both 1.4 and 1.5-dev and receive the same result. Below 
is the error that I received when this happened:

SEVERE: Exception while processing: person document : 
solrInputDocument[{Person_hasAlias=Person_hasAlias(1.0)={Al'fiuwa}, 
id=id(1.0)={http://x.yz/bk/aya/}, 
Person_hasTempRi=Person_hasTempRi(1.0)={http://x.yz/bk/aya/ > Al'fiuwa}, 
Person_hasEmailAddress=Person_hasEmailAddress(1.0)={...@bk.yz}}] 
org.apache.solr.handler.dataimport.DataImportHandlerException: Unable to 
execute query: SELECT * FROM Message WHERE hasAuthor='http://x.yz/bk/aya/ > 
Al'fiuwa' Processing Document # 593
        at org.apache.solr.handler.dataimport.DataImportHandlerException.wrapAndThrow(DataImportHandlerException.java:72)
        at org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.<init>(JdbcDataSource.java:251)
        at org.apache.solr.handler.dataimport.JdbcDataSource.getData(JdbcDataSource.java:208)
        at org.apache.solr.handler.dataimport.JdbcDataSource.getData(JdbcDataSource.java:39)
        at org.apache.solr.handler.dataimport.SqlEntityProcessor.initQuery(SqlEntityProcessor.java:58)
        at org.apache.solr.handler.dataimport.SqlEntityProcessor.nextRow(SqlEntityProcessor.java:71)
        at org.apache.solr.handler.dataimport.EntityProcessorWrapper.nextRow(EntityProcessorWrapper.java:233)
        at org.apache.solr.handler.dataimport.DocBuilder.buildDocument(DocBuilder.java:580)
        at org.apache.solr.handler.dataimport.DocBuilder.buildDocument(DocBuilder.java:606)
        at org.apache.solr.handler.dataimport.DocBuilder.doFullDump(DocBuilder.java:261)
        at org.apache.solr.handler.dataimport.DocBuilder.execute(DocBuilder.java:185)
        at org.apache.solr.handler.dataimport.DataImporter.doFullImport(DataImporter.java:333)
        at org.apache.solr.handler.dataimport.DataImporter.runCmd(DataImporter.java:391)
        at org.apache.solr.handler.dataimport.DataImporter$1.run(DataImporter.java:372)
Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have 
an error in your SQL syntax; check the manual that corresponds to your MySQL 
server version for the right syntax to use near 'fiuwa'' at line 1
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
        at java.lang.reflect.Constructor.newInstance(Unknown Source)
        at com.mysql.jdbc.Util.handleNewInstance(Util.java:406)
        at com.mysql.jdbc.Util.getInstance(Util.java:381)
        at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1030)
        at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:956)
        at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3515)
        at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3447)
        at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1951)
        at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2101)
        at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2548)
        at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2477)
        at com.mysql.jdbc.StatementImpl.execute(StatementImpl.java:741)
        at com.mysql.jdbc.StatementImpl.execute(StatementImpl.java:587)
        at org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.<init>(JdbcDataSource.java:244)
        ... 12 more

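Added example (not part of the original report and not Solr code): a small Python/sqlite3 model of the failure reported above, where a parent-row value is pasted into a child query's text, next to two handlings that keep the quote from ending the string literal. The template syntax, the variable name person.Person_hasTempRi, the helper names and the table contents are assumptions constructed from the values in the error message.

```python
import re
import sqlite3

# Constructed sample value and child query, modelled on the error message above.
AUTHOR = "http://x.yz/bk/aya/ > Al'fiuwa"
CHILD_QUERY = "SELECT * FROM Message WHERE hasAuthor='${person.Person_hasTempRi}'"
VAR = re.compile(r"\$\{([\w.]+)\}")


def make_db():
    """In-memory stand-in for the MySQL Message table (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Message (hasAuthor TEXT, body TEXT)")
    db.execute("INSERT INTO Message VALUES (?, ?)", (AUTHOR, "hello"))
    return db


def substitute_raw(template, row):
    """Paste parent-row values into the SQL text unchanged (the reported behaviour)."""
    return VAR.sub(lambda m: row[m.group(1)], template)


def substitute_escaped(template, row):
    """Double single quotes before pasting. Enough for standard SQL string
    literals; MySQL in its default mode also treats backslash as an escape."""
    return VAR.sub(lambda m: row[m.group(1)].replace("'", "''"), template)


def to_bound(template, row):
    """Turn each quoted '${var}' into a ? placeholder and return (sql, params),
    so the value never becomes part of the SQL text."""
    params = []

    def repl(m):
        params.append(row[m.group(1)])
        return "?"

    return re.sub(r"'\$\{([\w.]+)\}'", repl, template), params


def run(db, sql, params=()):
    """Execute and return rows, or the driver's syntax error as a string."""
    try:
        return db.execute(sql, params).fetchall()
    except sqlite3.OperationalError as exc:
        return "error: %s" % exc


if __name__ == "__main__":
    db, row = make_db(), {"person.Person_hasTempRi": AUTHOR}
    print(run(db, substitute_raw(CHILD_QUERY, row)))      # syntax error
    print(run(db, substitute_escaped(CHILD_QUERY, row)))  # matching row
    print(run(db, *to_bound(CHILD_QUERY, row)))           # matching row
```

The raw substitution fails the same way the MySQL driver did, because the quote inside the value closes the literal early; the bound-parameter form is the more robust of the two alternatives since it does not depend on the database's quoting rules.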