Index: openacs-4/packages/xotcl-core/tcl/05-db-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/xotcl-core/tcl/05-db-procs.tcl,v diff -u -r1.148.2.73 -r1.148.2.74 --- openacs-4/packages/xotcl-core/tcl/05-db-procs.tcl 20 Jan 2023 12:15:16 -0000 1.148.2.73 +++ openacs-4/packages/xotcl-core/tcl/05-db-procs.tcl 23 Jan 2023 09:23:48 -0000 1.148.2.74 @@ -849,15 +849,6 @@ set c 0; set l ""; set last 0 set execArgs {}; set prepArgs {} - # - # Colon characters may happen also inside of strings. We want to - # allow this, so we first replace every legitimate string in the - # SQL with a placeholder and collect the variables on the - # replaced text. - # - set strings [regexp -all -inline {'(\\'|[^'])*'} $sql] - regsub -all {'(\\'|[^'])*'} $sql "#__string__#" sql - foreach pair [regexp -all -inline -indices {[^:]:[a-zA-Z0_9_]+\M} $sql] { lassign $pair from to lappend execArgs [string range $sql $from+1 $to] @@ -867,13 +858,6 @@ } append l [string range $sql $last end] - # - # Put back the substituted strings in the prepared SQL. - # - foreach {s p} $strings { - regsub "#__string__#" $l $s l - } - dict set d args $execArgs dict set d sql $l return $d Index: openacs-4/packages/xotcl-core/tcl/test/xotcl-test-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/xotcl-core/tcl/test/xotcl-test-procs.tcl,v diff -u -r1.1.2.27 -r1.1.2.28 --- openacs-4/packages/xotcl-core/tcl/test/xotcl-test-procs.tcl 17 Jan 2023 09:53:21 -0000 1.1.2.27 +++ openacs-4/packages/xotcl-core/tcl/test/xotcl-test-procs.tcl 23 Jan 2023 09:23:48 -0000 1.1.2.28 @@ -438,29 +438,45 @@ } }] - aa_false "::xo::dc 1row with 1 parameter, prepared statement with SQL containing semicolon - no error" [catch { - ::xo::dc 1row -prepare integer get_object { - select object_id as object_id_found_6 - from acs_objects where object_id = :object_id and title <> '__I:Do:Not:Exist' - } - }] + if {[info procs ns_pg_prepare] ne ""} { - aa_equals "::xo::dc 1row with 1 parameter, prepared statement with SQL containing semicolon - value was returned" \ - $object_id $object_id_found_6 + # + # ns_pg_prepare is implemented via tcl fallback: this + # NaviServer version will not support prepared statements + # where the query contains strings with colon. + # + set aa_error_level $::aa_error_level + set ::aa_error_level warning + aa_log_result fail "This NaviServer version does not support prepared statements with strings containing colons." + set ::aa_error_level $aa_error_level - aa_false "::xo::dc 1row with 1 parameter, prepared statement with SQL containing semicolon - no error" [catch { - ::xo::dc 1row -prepare integer get_object { - select object_id as object_id_found_7 - from acs_objects - where object_id = :object_id - and title <> ':__I:Do:Not:Exist' - and title <> ' :__I::also:Do:Not:Exist' - } - }] + } else { - aa_equals "::xo::dc 1row with 1 parameter, prepared statement with SQL containing semicolon - value was returned" \ - $object_id $object_id_found_7 + aa_false "::xo::dc 1row with 1 parameter, prepared statement with SQL containing colon - no error" [catch { + ::xo::dc 1row -prepare integer get_object { + select object_id as object_id_found_6 + from acs_objects where object_id = :object_id and title <> '__I:Do:Not:Exist' + } + }] + aa_equals "::xo::dc 1row with 1 parameter, prepared statement with SQL containing colon - value was returned" \ + $object_id $object_id_found_6 + + aa_false "::xo::dc 1row with 1 parameter, prepared statement with SQL containing colon - no error" [catch { + ::xo::dc 1row -prepare integer get_object { + select object_id as object_id_found_7 + from acs_objects + where object_id = :object_id + and title <> ':__I:Do:Not:Exist' + and title <> ' :__I::also:Do:Not:Exist' + } + }] + + aa_equals "::xo::dc 1row with 1 parameter, prepared statement with SQL containing colon - value was returned" \ + $object_id $object_id_found_7 + + } + # # foreach #