From d468e2f524022b1b1e5fe0e1d58a4efcc6583545 Mon Sep 17 00:00:00 2001 From: Keuin Date: Sun, 22 Oct 2023 23:21:00 +0800 Subject: bugfix: SQL syntax error in some environment --- gradle.properties | 2 +- src/main/java/com/keuin/blame/lookup/QueryExecutor.java | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/gradle.properties b/gradle.properties index 11e62d9..54856a8 100644 --- a/gradle.properties +++ b/gradle.properties @@ -6,7 +6,7 @@ minecraft_version=1.16.5 yarn_mappings=1.16.5+build.10 loader_version=0.14.23 # Mod Properties -mod_version=2.0.0 +mod_version=2.0.1 maven_group=com.keuin.blame archives_base_name=blame-fabric # Dependencies diff --git a/src/main/java/com/keuin/blame/lookup/QueryExecutor.java b/src/main/java/com/keuin/blame/lookup/QueryExecutor.java index da25064..e11cdda 100644 --- a/src/main/java/com/keuin/blame/lookup/QueryExecutor.java +++ b/src/main/java/com/keuin/blame/lookup/QueryExecutor.java @@ -30,7 +30,7 @@ public class QueryExecutor { // ClickHouse driver's parameterized SQL generator is a piece of shit. // I won't use that. Use string interpolation instead. var sql = "select subject_id, object_id, action_type, ts"; - sql += " from " + escape(DatabaseUtil.DB_CONFIG.getTable()); + sql += " from " + escapeIdentifier(DatabaseUtil.DB_CONFIG.getTable()); sql += " where subject_world=%s and object_x=%d and object_y=%d and object_z=%d".formatted( escape(world), x, y, z ); @@ -47,6 +47,10 @@ public class QueryExecutor { return "'" + s.replace("\\", "\\\\").replace("'", "\\'") + "'"; } + private static String escapeIdentifier(String s) { + return "\"" + s.replace("\\", "\\\\").replace("\"", "\"\"") + "\""; + } + public void byBlockPos( String world, long x, long y, long z, -- cgit v1.2.3