[Mondrian] Bug in Util.singleQuoteString: backslashes not being properly escaped

Julian Hyde jhyde at pentaho.com
Tue May 24 13:27:59 EDT 2011


 

> Jason Schlesinger wrote:
> 
> In Mondrian.olap.Util.singleQuoteString:
> 
> The line:
> String s0 = replace(val, "'", "''");
> 
> Should be replaced with:
> String s0 = replace(replace(val, "'", "''"), "\\", "\\\\");
> or similar in order to escape backslashes.  Currently 
> backslashes in strings escape the next character in the 
> string, or in the case the backslash is the last character in 
> the string, it escapes the encapsulating quote.

That function is intended to create SQL or MDX strings. Those languages
don't escape backslashes. (Unless you count some of MySQL's brain-dead
dialects, which I don't.)

I'm guessing you may be trying to embed an MDX string literal in Java. E.g.

String mdx =
 "with member [Measures].[Constant string] as 'my string' "
 + "select [Measures].[Constant string] on 0 "
 + "from [Sales]";

If so, first use singleQuoteString to deal with any single-quotes in the MDX
string. Then quote the string for Java -- that will deal with any embedded
backslashes, double quotes, and control characters.

Julian




More information about the Mondrian mailing list