[Mono-bugs] [Bug 61968][Cri] New - String Parameters in a OdbcCommand are not replaced correctly

bugzilla-daemon@bugzilla.ximian.com bugzilla-daemon@bugzilla.ximian.com
Mon, 26 Jul 2004 15:35:34 -0400 (EDT)

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by accounts@sandmik.net.


--- shadow/61968	2004-07-26 15:35:34.000000000 -0400
+++ shadow/61968.tmp.6841	2004-07-26 15:35:34.000000000 -0400
@@ -0,0 +1,71 @@
+Bug#: 61968
+Product: Mono: Class Libraries
+Version: unspecified
+OS Details: Fedora Core 2 [2.6.6-1.435.2.1 i686]
+Status: NEW   
+Priority: Critical
+Component: Sys.Data
+AssignedTo: mono-bugs@ximian.com                            
+ReportedBy: accounts@sandmik.net               
+QAContact: mono-bugs@ximian.com
+TargetMilestone: ---
+Summary: String Parameters in a OdbcCommand are not replaced correctly
+Please fill in this template when reporting a bug, unless you know what you
+are doing.
+Description of Problem:
+Steps to reproduce the problem:
+1. Create an OdbcCommand
+2. Specify an SQL with parameters: for example: "SELECT adminid FROM ADMINS
+WHERE username = ? AND password = ?"
+3. When you add parameters, and execute the command, the result is
+something like this: 
+"System.Data.Odbc.OdbcException: [unixODBC][TCX][MyODBC]Unknown column 'us'
+in 'where clause'"
+the us is the paremeter I supplied for Username, this indicates that the
+String Paremters are not being wrapped by single quotes.
+Actual Results:
+String Parameters are not being wrapped by single quotes 
+Expected Results:
+They should behave just like Under windows, by default string parameters
+would be wrapped by single quotes when the sub system replaces the
+paremeters' values.
+How often does this happen? 
+Additional Information:
+A quick small method to show:
+public static int AuthenticateAdmin(string username, string password)
+	IDbCommand cmd = CreateCommand(
+	"SELECT adminid FROM ADMINS WHERE username = ? AND password = ?");
+	AddParameter(cmd, "@un", username, 16);
+	AddParameter(cmd, "@pass", password, 32);
+	object obj = cmd.ExecuteScalar();
+	if (obj == DBNull.Value)
+		return 0;
+	return Convert.ToInt32(obj);
+And Results:
+System.Data.Odbc.OdbcException: [unixODBC][TCX][MyODBC]Unknown column 'us'
+in 'where clause'
+in <0x000c1> System.Data.Odbc.OdbcCommand:ExecSQL (string)
+THE 'us' IS THE VALUE FOR THE @un (username parameter) I supplied