reworking code of the statement impl

Author: chernser

clickhouse-jdbc/src/test/java/com/clickhouse/client/api/sql/SQLUtilsTest.java

@@ -1,5 +1,6 @@
 package com.clickhouse.client.api.sql;
 
+import com.clickhouse.jdbc.internal.SqlParser;
 import org.testng.annotations.DataProvider;
 import org.testng.annotations.Test;
 
@@ -129,6 +130,14 @@ public void testIsSimpleIdentifier(String identifier, boolean expected) {
     public void testIsSimpleIdentifier_NullInput() {
         SQLUtils.isSimpleIdentifier(null);
     }
-    
 
+    @Test
+    public void testUnquoteIdentifier() {
+        String[] names = new String[]{"test", "`test name1`", "\"test name 2\""};
+        String[] expected = new String[]{"test", "test name1", "test name 2"};
+
+        for (int i = 0; i < names.length; i++) {
+            assertEquals(SQLUtils.unquoteIdentifier(names[i]), expected[i]);
+        }
+    }
 }

client-v2/src/main/java/com/clickhouse/client/api/sql/SQLUtils.java

@@ -1,5 +1,8 @@
 package com.clickhouse.client.api.sql;
 
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 public class SQLUtils {
     /**
      * Escapes and quotes a string literal for use in SQL queries.
@@ -112,4 +115,17 @@ public static boolean isSimpleIdentifier(String identifier) {
         }
         return SIMPLE_IDENTIFIER_PATTERN.matcher(identifier).matches();
     }
+
+    private final static Pattern UNQUOTE_INDENTIFIER = Pattern.compile(
+            "^[\\\"`]?(.+?)[\\\"`]?$"
+    );
+
+    public static String unquoteIdentifier(String str) {
+        Matcher matcher = UNQUOTE_INDENTIFIER.matcher(str.trim());
+        if (matcher.find()) {
+            return matcher.group(1);
+        } else {
+            return str;
+        }
+    }
 }

jdbc-v2/src/main/java/com/clickhouse/jdbc/internal/ParsedPreparedStatement.java

@@ -1,5 +1,6 @@
 package com.clickhouse.jdbc.internal;
 
+import com.clickhouse.client.api.sql.SQLUtils;
 import org.antlr.v4.runtime.tree.ErrorNode;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -144,7 +145,7 @@ public void enterQueryStmt(ClickHouseParser.QueryStmtContext ctx) {
     @Override
     public void enterUseStmt(ClickHouseParser.UseStmtContext ctx) {
         if (ctx.databaseIdentifier() != null) {
-            setUseDatabase(SqlParser.unquoteIdentifier(ctx.databaseIdentifier().getText()));
+            setUseDatabase(SQLUtils.unquoteIdentifier(ctx.databaseIdentifier().getText()));
         }
     }
 
@@ -155,7 +156,7 @@ public void enterSetRoleStmt(ClickHouseParser.SetRoleStmtContext ctx) {
         } else {
             List<String> roles = new ArrayList<>();
             for (ClickHouseParser.IdentifierContext id : ctx.setRolesList().identifier()) {
-                roles.add(SqlParser.unquoteIdentifier(id.getText()));
+                roles.add(SQLUtils.unquoteIdentifier(id.getText()));
             }
             setRoles(roles);
         }

jdbc-v2/src/main/java/com/clickhouse/jdbc/internal/ParsedStatement.java

@@ -1,5 +1,6 @@
 package com.clickhouse.jdbc.internal;
 
+import com.clickhouse.client.api.sql.SQLUtils;
 import org.antlr.v4.runtime.tree.ErrorNode;
 
 import java.util.ArrayList;
@@ -87,7 +88,7 @@ public void enterQueryStmt(ClickHouseParser.QueryStmtContext ctx) {
     @Override
     public void enterUseStmt(ClickHouseParser.UseStmtContext ctx) {
         if (ctx.databaseIdentifier() != null) {
-            setUseDatabase(SqlParser.unquoteIdentifier(ctx.databaseIdentifier().getText()));
+            setUseDatabase(SQLUtils.unquoteIdentifier(ctx.databaseIdentifier().getText()));
         }
     }
 
@@ -98,7 +99,7 @@ public void enterSetRoleStmt(ClickHouseParser.SetRoleStmtContext ctx) {
         } else {
             List<String> roles = new ArrayList<>();
             for (ClickHouseParser.IdentifierContext id : ctx.setRolesList().identifier()) {
-                roles.add(SqlParser.unquoteIdentifier(id.getText()));
+                roles.add(SQLUtils.unquoteIdentifier(id.getText()));
             }
             setRoles(roles);
         }

jdbc-v2/src/main/java/com/clickhouse/jdbc/internal/SqlParser.java

@@ -10,9 +10,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
 public class SqlParser {
 
     private static final Logger LOG = LoggerFactory.getLogger(SqlParser.class);
@@ -41,28 +38,6 @@ public ParsedPreparedStatement parsePreparedStatement(String sql) {
         return parserListener;
     }
 
-    private final static Pattern UNQUOTE_INDENTIFIER = Pattern.compile(
-            "^[\\\"`]?(.+?)[\\\"`]?$"
-    );
-
-    public static String unquoteIdentifier(String str) {
-        Matcher matcher = UNQUOTE_INDENTIFIER.matcher(str.trim());
-        if (matcher.find()) {
-            return matcher.group(1);
-        } else {
-            return str;
-        }
-    }
-
-    public static String escapeQuotes(String str) {
-        if (str == null || str.isEmpty()) {
-            return str;
-        }
-        return str
-                .replace("'", "\\'")
-                .replace("\"", "\\\"");
-    }
-
     private static class ParserErrorListener extends BaseErrorListener {
         @Override
         public void syntaxError(Recognizer<?, ?> recognizer, Object offendingSymbol, int line, int charPositionInLine, String msg, RecognitionException e) {

jdbc-v2/src/main/java/com/clickhouse/jdbc/metadata/DatabaseMetaDataImpl.java

@@ -1,11 +1,13 @@
 package com.clickhouse.jdbc.metadata;
 
+import com.clickhouse.client.api.sql.SQLUtils;
 import com.clickhouse.data.ClickHouseColumn;
 import com.clickhouse.data.ClickHouseDataType;
 import com.clickhouse.jdbc.ConnectionImpl;
 import com.clickhouse.jdbc.Driver;
 import com.clickhouse.jdbc.JdbcV2Wrapper;
 import com.clickhouse.jdbc.ResultSetImpl;
+import com.clickhouse.jdbc.StatementImpl;
 import com.clickhouse.jdbc.internal.ClientInfoProperties;
 import com.clickhouse.jdbc.internal.DriverProperties;
 import com.clickhouse.jdbc.internal.ExceptionUtils;
@@ -859,9 +861,9 @@ public ResultSet getColumns(String catalog, String schemaPattern, String tableNa
                 "'NO' as IS_AUTOINCREMENT, " +
                 "'NO' as IS_GENERATEDCOLUMN " +
                 " FROM system.columns" +
-                " WHERE database LIKE '" + (schemaPattern == null ? "%" : SqlParser.escapeQuotes(schemaPattern)) + "'" +
-                " AND table LIKE '" + (tableNamePattern == null ? "%" : SqlParser.escapeQuotes(tableNamePattern)) + "'" +
-                " AND name LIKE '" + (columnNamePattern == null ? "%" : SqlParser.escapeQuotes(columnNamePattern)) + "'" +
+                " WHERE database LIKE " + SQLUtils.enquoteLiteral(schemaPattern == null ? "%" : schemaPattern) +
+                " AND table LIKE " + SQLUtils.enquoteLiteral(tableNamePattern == null ? "%" : tableNamePattern) +
+                " AND name LIKE " + SQLUtils.enquoteLiteral(columnNamePattern == null ? "%" : columnNamePattern) +
                 " ORDER BY TABLE_SCHEM, TABLE_NAME, ORDINAL_POSITION";
         try {
             return new MetadataResultSet((ResultSetImpl) connection.createStatement().executeQuery(sql))

jdbc-v2/src/test/java/com/clickhouse/jdbc/internal/SqlParserTest.java

@@ -182,26 +182,6 @@ public void testPreparedStatementInsertSQL() {
         assertEquals(parsed.getAssignValuesGroups(), 1);
     }
 
-    @Test
-    public void testUnquoteIdentifier() {
-        String[] names = new String[]{"test", "`test name1`", "\"test name 2\""};
-        String[] expected = new String[]{"test", "test name1", "test name 2"};
-
-        for (int i = 0; i < names.length; i++) {
-            assertEquals(SqlParser.unquoteIdentifier(names[i]), expected[i]);
-        }
-    }
-
-    @Test
-    public void testEscapeQuotes() {
-        String[] inStr = new String[]{"%valid_name%", "' OR 1=1 --", "\" OR 1=1 --"};
-        String[] outStr = new String[]{"%valid_name%", "\\' OR 1=1 --", "\\\" OR 1=1 --"};
-
-        for (int i = 0; i < inStr.length; i++) {
-            assertEquals(SqlParser.escapeQuotes(inStr[i]), outStr[i]);
-        }
-    }
-
     @Test
     public void testStmtWithCasts() {
         String sql = "SELECT ?::integer, ?, '?::integer' FROM table WHERE v = ?::integer"; // CAST(?, INTEGER)