Connector/Jã®SQLã¤ã³ã¸ã§ã¯ã·ã§ã³èå¼±æ§
PreparedStatement使ã£ã¦ãã®ã«SQLã¤ã³ã¸ã§ã¯ã·ã§ã³ãèµ·ãããã§ããã©ï¼ã¨ãã話é¡ã徳丸浩ã®æ¥è¨ - Javaã¨MySQLã®çµã¿åããã§Unicodeã®U+00A5ãç¨ããSQLã¤ã³ã¸ã§ã¯ã·ã§ã³ã®å¯è½æ§ããã
åç¾ããã®ã§ãã°ã¬ãã¼ãæãã¦ããã¾ãããMySQL Bugs: #41730: SQL Injection when using U+00A5ã§ãããã¦ããªãããã§è§£æ±ºããããã¨ãæå¾
ãããã¨æãã¾ãã
ãã¡ã®ç¤¾å
ã§characterEncoding使ã£ã¦ãã¨ããã¯ãªããã大ä¸å¤«ãªã¯ãâ¦ãã¨æã£ã¦ããã®ã§ããããã¯ãã³ã¡ã³ããããã ããã¨ãããcharacter_set_server=cp932ã®è¨å®ããããmysqldã«characterEncodingãªãã§ã¤ãªãã å ´åãã¤ã³ã¸ã§ã¯ã·ã§ã³ãèµ·ããã¾ãããsjisãujisãeucjpmsããã¡ã§ããã¨ããããã§ããµã¼ããµã¤ãPreparedStatementã使ã£ã¦ãããããããã¯
- ã¯ã©ã¤ã¢ã³ããµã¤ãPreparedStatement
- character_set_server=utf8
- characterEncodingãªã
ã®è¨å®ã§åãã¦ããã·ã¹ãã ããæãå®ããã«å¹´æ«å¹´å§ãéãããã¨ããããã§ãã
2008/12/26追è¨
Sunã®æ¾ä¿¡ããã試ä½ããããæ稿ãããããã§ãã試ãã«1æåãã¤ã¨ã³ã³ã¼ãã£ã³ã°å¤æããã¦ã¿ã¦ãå¤æå¾ã0x5cã«ãªãæåã«ã¤ãã¦ã¯\\ã«ãã¦ããã¨ã
ãã¼ã¨ãå¤æå¾ãUCS-2ã¨ãã ã¨ããºãããªï¼
â¦(å®é¨ä¸)â¦
試ä½ããã以åã«ãConnector/Jã§character_set_server=ucs2ã®ãµã¼ãã«ç¹ãããªããã§ããã©ãConnector/Jå´ã§characterEncoding=UTF-8ãªã©ã¨ãã¦ããã°ç¹ããã¾ããããããªä»æ§ãã£ãããªâ¦ã
念ã®ããMySQL Bugs: #41752: Can't connect mysqld which character_set_server=ucs2ã§å ±åããã¨ãããVerified as described.ã¨ãããã¨ã§ãã°èªå®ããã¾ãããConnector/Jã¨character_set_server=ucs2ã®çµã¿åããã£ã¦ãä¸çä¸ã§èª°ã使ã£ã¦ããªãã£ãããã§ããã
ã¨ããããã§Bug #41752ã®ããã§å®é¨ãã§ããªãã®ã§ãããUCS-2ãUTF-16ã§ã¯ç¬¬1ãã¤ãã0x5cã«ãªãæåãããã®ã§ãã¨ã¹ã±ã¼ãããå¾ã«ãã¡ãã¨å¤å®ãã¦ãããªãã¨ãããªãã¨æãã¾ããã¾ããã ãã ããã¸ãã¯ãé£ãããªã£ã¦ãã¾ãConnector/Jã®æ§è½ãå£åããªããã©ãããæ°ã«ãªãã¨ããã§ãã
2008/12/27追è¨
ãããããã°ã·ã¹ãã ããåå¿ããã£ã¦ãæ å½ã®æ¹ãã¢ãµã¤ã³ãããããã§ãã解æçµæãå¾ ã¡ããã¨æãã¾ãã
2009/02/19追è¨
2ã¶æã¶ãã«åããããã¾ããã
[19 Feb 8:28] Tonci Grgin Sadao, Yoshinori, we are having internal discussion about this bug and it's not forgotten. Thanks.
å¤§å¹ ãªè¨è¨å¤æ´ã«ãªãã¨æãã®ã§ãæ éã§ãããé å¼µã£ã¦ã»ããã¨æãã¾ãã
2009/02/24追è¨
ããããã§ããããã§ããæ°ããã¨ã³ããªã«ç§»åãã¾ãã
2009/07/29追è¨
ãã®èå¼±æ§ã¯Connector/J 5.1.8ã§ä¿®æ£ããã¾ãããé¢é£è¨äºã以ä¸ã«ç¤ºãã¾ãã