Fix issue 13 - update readme

Author: shulkaolka

README.md

@@ -123,6 +123,8 @@ Internally we use prepared statements, so all incoming data is
 validated against SQL injection, however we had to build a connection from JavaScript types to the SQL data types
 therefore when doing a prepared statements, you would need to add ``:type`` to **each prepared statement variable**.
 
+**Note:** prepared statement variables name could contain: any word character, a digit and a character `_`. 
+
 For example if you have a following SQL statement:
 
 ```sql

src/main/java/io/elastic/jdbc/QueryColumnNamesProvider.java

@@ -44,28 +44,37 @@ public JsonObject getMetaModel(JsonObject configuration) {
   public JsonObject getColumns(JsonObject configuration) {
     JsonObjectBuilder properties = Json.createObjectBuilder();
     String sqlQuery = configuration.getString("sqlQuery");
-    Pattern patternPoint = Pattern.compile("\\B@\\S+");
-    Matcher matcherPoint = patternPoint.matcher(sqlQuery);
-    if (matcherPoint.find()) {
-      do {
-        if (matcherPoint.group().contains(".")){
-          throw new RuntimeException(
-              "The variable name of the prepared statement '"
-              + matcherPoint.group()
-              + "' should not contain '.' symbol");
-        }
-      } while (matcherPoint.find());
-    }
+    Pattern patternCheckCharacter = Pattern.compile("\\B@\\S+");
+    Matcher matcherCheckCharacter = patternCheckCharacter.matcher(sqlQuery);
     Pattern pattern = Pattern.compile(Utils.VARS_REGEXP);
     Matcher matcher = pattern.matcher(sqlQuery);
     Boolean isEmpty = true;
     if (matcher.find()) {
       do {
+        matcherCheckCharacter.find();
         LOGGER.info("Var = {}", matcher.group());
+        LOGGER.info("Var matcherCheckCharacter = {}", matcherCheckCharacter.group());
+        if (!matcher.group().equals(matcherCheckCharacter.group())){
+          throw new RuntimeException(
+              "Prepared statement variables name '"
+              + matcherCheckCharacter.group()
+              + "' contains a forbidden character. "
+              + "The name could contain: any word character, a digit and a character '_'");
+        }
         JsonObjectBuilder field = Json.createObjectBuilder();
         String result[] = matcher.group().split(":");
-        String name = result[0].substring(1);
-        String type = result[1];
+        String name;
+        String type;
+        if (result.length > 0 && result.length < 3){
+          name = result[0].substring(1);
+          if (result.length == 1){
+            type = "string";
+          } else {
+            type = result[1];
+          }
+        } else {
+          throw new RuntimeException("Incorrect prepared statement" + matcher.group());
+        }
         field.add("title", name)
             .add("type", type);
         properties.add(name, field);

src/test/groovy/io/elastic/jdbc/QueryColumnNamesProviderSpec.groovy

@@ -13,7 +13,7 @@ class QueryColumnNamesProviderSpec extends Specification {
   String wrongSqlQuery
 
   def setup() {
-    sqlQuery = "SELECT * FROM films WHERE watched = @watched:boolean AND created = @created:date"
+    sqlQuery = "SELECT * FROM films WHERE watched = @watched:boolean AND created = @created:date AND name = @name"
     wrongSqlQuery = "SELECT * FROM films WHERE watched = @watched.name:boolean"
   }
 
@@ -24,7 +24,7 @@ class QueryColumnNamesProviderSpec extends Specification {
     JsonObject meta = provider.getMetaModel(configuration.build())
     print meta
     expect:
-    meta.toString() == "{\"out\":{\"type\":\"object\",\"properties\":{\"watched\":{\"title\":\"watched\",\"type\":\"boolean\"},\"created\":{\"title\":\"created\",\"type\":\"date\"}}},\"in\":{\"type\":\"object\",\"properties\":{\"watched\":{\"title\":\"watched\",\"type\":\"boolean\"},\"created\":{\"title\":\"created\",\"type\":\"date\"}}}}"
+    meta.toString() == "{\"out\":{\"type\":\"object\",\"properties\":{\"watched\":{\"title\":\"watched\",\"type\":\"boolean\"},\"created\":{\"title\":\"created\",\"type\":\"date\"},\"name\":{\"title\":\"name\",\"type\":\"string\"}}},\"in\":{\"type\":\"object\",\"properties\":{\"watched\":{\"title\":\"watched\",\"type\":\"boolean\"},\"created\":{\"title\":\"created\",\"type\":\"date\"},\"name\":{\"title\":\"name\",\"type\":\"string\"}}}}"
   }
 
   def "get metadata model, wrong sqlQuery"() {