Skip to content

fix(clickhouse): avoid placeholder conflicts by using explicit parameter tokens #10160

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(clickhouse): avoid placeholder conflicts by using explicit parameter tokens #10160

wants to merge 1 commit into from
+24 −9

Conversation

@W48B1T
Copy link

@W48B1T W48B1T commented Nov 19, 2025
edited
Loading

Problem

The current implementation of the ClickHouse driver uses the ? symbol as a placeholder. The sqlstring.format function replaces all ? characters positionally with parameters. This only works when the built query does not contain ? for any other purpose; it breaks as soon as a literal question mark is used in the SQL.

Question marks commonly appear in SQL literals, for example in regular expressions used in cube fields:

group: {
  title: `group`,
  type: `string`,
  sql: `extract(${CUBE}."group", '(.*?)(?:-?\\d{2})')`
}

There is also no way to escape such occurrences of the ? symbol for sqlstring.format, so these conflicts cannot be avoided with the existing approach.

Proposed Solution

This change replaces the placeholder symbol ? with placeholder tokens of the form ___ClickHouseParam_(\d+)___ in the driver and the clickhouse schema compiler. The remaining logic and escaping of sqlstring (using sqlstring.escape) stays intact.

Check List

  • Tests have been run in packages where changes have been made if available
  • Linter has been run for changed code
  • Tests for the changes have been added if not covered yet
  • Docs have been added / updated if required

Issue Reference this PR resolves

#6589

@W48B1T
fix(clickhouse): avoid placeholder conflicts by using explicit parame…
8a90753 
…ter tokens

The current implementation of the ClickHouse driver uses the `?` symbol as a placeholder. The `sqlstring.format` function replaces all `?` characters positionally with parameters. This only works when the built query does not contain `?` for any other purpose; it breaks as soon as a literal question mark is used in the SQL.

Question marks commonly appear in SQL literals, for example in regular expressions used in cube fields:

```
group: {
  title: `group`,
  type: `string`,
  sql: `extract(${CUBE}."group", '(.*?)(?:-?\\d{2})')`
}
```

There is also no way to escape such occurrences of the `?` symbol for `sqlstring.format`, so these conflicts cannot be avoided with the existing approach.

This change replaces the placeholder symbol `?` with placeholder tokens of the form `___ClickHouseParam_(\d+)___` in the driver and the clickhouse schema compiler. The remaining logic and escaping of sqlstring (using `sqlstring.escape`) stays intact.

Signed-off-by: W48B1T <[email protected]>
@W48B1T W48B1T requested review from a team as code owners November 19, 2025 22:18
@github-actions github-actions bot added driver:clickhouse Issues related to the ClickHouse driver javascript Pull requests that update Javascript code data source driver pr:community Contribution from Cube.js community members. labels Nov 19, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

data source driver driver:clickhouse Issues related to the ClickHouse driver javascript Pull requests that update Javascript code pr:community Contribution from Cube.js community members.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@W48B1T