[
https://issues.apache.org/jira/browse/GROOVY-8804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16626216#comment-16626216
]
John N Underwood commented on GROOVY-8804:
------------------------------------------
I certainly appreciate Groovy trying to prevent SQL injection. That said...
In my sample code, the only difference between the two query strings is that
one is declared with `def` (which becomes a `GString`) and the other is
declared with `String`. The String version works one way, while the GString
version works quite differently.
I think this difference in behavior is unexpected and I found it difficult and
time-consuming to debug. Is there any *good* way to make the String and GString
versions work the same?
> Sql.rows(gstring) fails while Sql.rows(string) works
> ----------------------------------------------------
>
> Key: GROOVY-8804
> URL: https://issues.apache.org/jira/browse/GROOVY-8804
> Project: Groovy
> Issue Type: Bug
> Components: SQL processing
> Affects Versions: 2.4.15, 2.6.0-alpha-4, 3.0.0-alpha-3, 2.5.2
> Reporter: John N Underwood
> Priority: Minor
>
> Calling `sql.rows(string)` works while calling `sql.rows(gstring)` returns an
> empty result set.
> This indicates a possible bug in the protected method
> `groovy.sql.Sql.asSql()`.
> I have created a sample program which demonstrates the behavior at
> https://github.com/jnunderwood/groovy-sql-test
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
